- With Burp running, log in and add a cheap item to your cart.
- In Burp, go to "Proxy" > "HTTP history" and study the corresponding HTTP messages. Notice that the quantity is determined by a parameter in the POST /cart request.
- Go to the "Intercept" tab and turn on interception. Add another item to your cart and go to the intercepted POST /cart request in Burp.
- Change the quantity parameter to an arbitrary integer, then forward any remaining requests. Observe that the quantity in the cart was successfully updated based on your input.
- Repeat this process, but request a negative quantity this time. Check that this is successfully deducted from the cart quantity.
- Request a suitable negative quantity to remove more units from the cart than it currently contains. Confirm that you have successfully forced the cart to contain a negative quantity of the product. Go to your cart and notice that the total price is now also a negative amount.
- Add the leather jacket to your cart as normal. Add a suitable negative quantity of another item to reduce the total price to less than your remaining store credit.
- Place the order to solve the lab.
Lab: High-level logic vulnerability
This lab doesn't adequately validate user input. You can exploit a logic flaw in its purchasing workflow to buy items for an unintended price. To solve the lab, buy a "Lightweight l33t leather jacket".
You can log in to your own account using the following credentials: wiener:peter
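
The server-side check this lab is missing, as an added example that is not code from the lab or from PortSwigger: a cart update that trusts the submitted quantity, next to one that validates it, plus a second check at checkout. The prices, the per-item limit and all function names are assumptions made for illustration.

```python
# Added example: cart logic that reproduces the flaw, next to a validated version.
# PRICES, MAX_PER_ITEM and every function name are constructed for illustration.
from decimal import Decimal

PRICES = {"jacket": Decimal("1337.00"), "cheap-item": Decimal("10.00")}  # constructed
MAX_PER_ITEM = 99  # assumed business limit


def add_unvalidated(cart, product_id, quantity):
    """Flawed: trusts the client-supplied quantity, so a cart line can go negative."""
    cart[product_id] = cart.get(product_id, 0) + int(quantity)
    return cart


def add_validated(cart, product_id, quantity):
    """Rejects unknown products, values that do not parse as integers, and any
    change that leaves a line outside 0..MAX_PER_ITEM; a line at 0 is removed."""
    if product_id not in PRICES:
        raise ValueError("unknown product")
    try:
        delta = int(quantity)
    except (TypeError, ValueError):
        raise ValueError("quantity must be an integer")
    new_qty = cart.get(product_id, 0) + delta
    if not 0 <= new_qty <= MAX_PER_ITEM:
        raise ValueError("resulting quantity out of range")
    if new_qty == 0:
        cart.pop(product_id, None)
    else:
        cart[product_id] = new_qty
    return cart


def total(cart):
    """Price is always looked up server-side, never taken from the request."""
    return sum(PRICES[p] * q for p, q in cart.items())


def checkout(cart, credit):
    """Second check at payment time: re-validate every line and the total
    before comparing the amount due with the remaining store credit."""
    if not cart or any(q <= 0 or q > MAX_PER_ITEM for q in cart.values()):
        raise ValueError("invalid cart")
    due = total(cart)
    if due <= 0 or due > credit:
        raise ValueError("order rejected")
    return credit - due
```

Validating at both points matters: the update check stops the cart from ever holding a negative line, and the checkout check still rejects the order if a cart reaches that state some other way.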