· Introduction about functionality
· Bypassing paid functionality
· How to fix
· Introduction about functionality: I was working on a website, let’s call it “www.somesite.com”. The website provides e-mail templates and has two plans, Free and Business. The Free plan has limited functionality, but with the Business plan you can add other members of your organization to use “somesite.com”.
With the Business plan you can add as many users as you want, but each user costs $7. So if you want to add two users, it will cost $14. After choosing the Business plan I chose to add 5 more users, which cost me $35.
· Bypassing paid functionality:
1. Configure Burp Suite to intercept all the requests coming from your browser.
2. After completing the service configuration shown in the screenshot above, choose to pay via Card.
3. Enter any valid credit card and proceed.
4. Intercept the request in Burp and look for the request going to the payment gateway.
5. Modify the value of the amount parameter and change it to $0.
6. The transaction succeeds and the users are added without paying anything.
· Vulnerability: The application does not verify the amount on the server side and lets the amount travel in plain text in the request. Since there is no server-side validation, the transaction succeeds without any payment.
· How to Fix:
1. Do not send the amount in plain text; use encrypted amount values.
2. Instead of sending the amount in the request, assign a unique ID to each plan and look up the plan’s amount by that ID, on the server side only.
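The two fixes above in working code, as an added example that is not code from the original write-up or from somesite.com. The plan catalogue, the $7 per-seat price, the secret key and the in-memory order store are all constructed for illustration. The browser only ever submits a plan ID and a seat count; the server computes the amount (fix 2) and signs it with an HMAC so that any edit of the amount in transit is detected (the tamper-proof form of fix 1), then refuses to activate the seats unless the amount reported by the payment step matches what it computed:

```python
"""Server-side price computation and payment verification (added example)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed plan catalogue. Prices are per seat, in cents, so arithmetic is exact.
PLANS = {
    "free": 0,
    "business": 700,  # $7 per added user, as in the write-up
}

# Constructed secret used only to sign the amount handed to the payment step.
SERVER_SECRET = b"example-server-secret-do-not-reuse"

# In-memory order store standing in for the application database.
ORDERS: dict = {}


@dataclass(frozen=True)
class Order:
    order_id: str
    plan_id: str
    seats: int
    amount_cents: int


def create_order(plan_id: str, seats: int) -> Order:
    """The browser submits only a plan ID and a seat count.
    The amount is looked up and computed here, never read from the request."""
    if plan_id not in PLANS:
        raise ValueError(f"unknown plan: {plan_id!r}")
    if not isinstance(seats, int) or isinstance(seats, bool) or seats < 1:
        raise ValueError("seats must be a positive integer")
    order = Order(secrets.token_hex(8), plan_id, seats, PLANS[plan_id] * seats)
    ORDERS[order.order_id] = order
    return order


def sign_amount(order_id: str, amount_cents: int) -> str:
    """HMAC over (order_id, amount). This is the value passed through the payment
    step alongside the amount; a client cannot forge it without SERVER_SECRET."""
    msg = f"{order_id}:{amount_cents}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def vulnerable_activate(request: dict) -> bool:
    """The flawed pattern from the write-up: the amount in the request is trusted,
    so an edited amount of 0 still activates the seats."""
    return int(request["amount"]) >= 0


def activate_seats(order_id: str, paid_amount_cents: int, signature: str) -> bool:
    """Called when the payment step reports success. Activates the seats only if
    the signature is genuine and the paid amount equals the server-side price."""
    order = ORDERS.get(order_id)
    if order is None:
        return False
    expected_sig = sign_amount(order.order_id, order.amount_cents)
    if not hmac.compare_digest(expected_sig, signature):
        return False  # order ID or amount was edited in transit
    if paid_amount_cents != order.amount_cents:
        return False  # e.g. the $0 edit described in the write-up
    return True


if __name__ == "__main__":
    order = create_order("business", 5)
    sig = sign_amount(order.order_id, order.amount_cents)
    print("server-side amount:", order.amount_cents)          # 3500 ($35)
    print("honest payment accepted:", activate_seats(order.order_id, 3500, sig))
    print("$0 payment accepted:", activate_seats(order.order_id, 0, sig))
```

The amount comparison alone already defeats the $0 edit once the order is stored server-side; the HMAC additionally lets a stateless front end or a third-party callback handler detect tampering before it touches the database. Either way, the browser never becomes the source of truth for the price.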