High-level logic vulnerability
Let's click on the My account button and login using the following credentials:
| Username | Password |
|---|---|
| wiener | peter |
Now we can add the "Lightweight l33t leather jacket" to our cart.
Since we are proxying the traffic through Burp Suite, we can go Proxy > HTTP History to view the request.
Let's forward this request to the Repeater for further modification.
Once in the Repeater, we can set the quantity parameter to the following:
-2
Let's go back to our cart in the browser.
We can see that the quantity has gone from 1 to -1 since we set the quantity parameter to -2. Also the price is now negative.
Now, set the quantity back to 1 and add another product ("The Trolley-ON") to the cart.
We can view this request in the Proxy > HTTP History tab.
Let's forward it to the Repeater.
Inside the Repeater set the quantity parameter to the following and send the request:
-22
Let's check out our cart.
We can see that the quantity of "The Trolley-ON" has gone from 1 to -21. More importantly the price which in in negative has been subtracted from the jacket's price and the total is now lower than our credits.
Let's buy the products.
We have solved the lab.