Summary

  • The author encountered a payment tampering bug while attempting to check out online after adding items to their cart.
  • During the checkout process, they noticed a parameter named "amount" in the HTTP request that carried the item price, and that they could modify its value.
  • They reduced the price substantially and the payment still went through, indicating that the server performed no validation of the "amount" parameter.
  • The author concluded by emphasizing that security requires vigilance and holistic thinking, urging readers not to focus only on traditional vulnerabilities but also to consider other attack vectors like the one they discovered.
  • They also stressed the importance of server-side validation to prevent such vulnerabilities.

By Iski
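The flaw the summary describes, shown as an added example that is not code from the original article: a checkout handler that charges whatever "amount" the client sends, beside a hardened version that recomputes the total from a server-side catalog and treats any mismatch as tampering. The catalog, SKUs and request shape are constructed for illustration.

```python
# Added example (not from the original post): client-trusted "amount" beside
# a server-side recomputation. Catalog, SKUs and request shape are constructed.
from decimal import Decimal

# Constructed server-side catalog: the only trustworthy source of prices.
CATALOG = {
    "sku-100": Decimal("49.99"),
    "sku-200": Decimal("15.00"),
}


class TamperedAmount(ValueError):
    """Client-reported total does not match the server-computed total."""


def vulnerable_charge(request: dict) -> Decimal:
    """The bug from the article: the cart is ignored for pricing and the
    client's "amount" field is charged as-is, so amount=0.01 charges 0.01."""
    return Decimal(str(request["amount"]))


def server_total(cart: list) -> Decimal:
    """Recompute the order total from the catalog, never from the client."""
    total = Decimal("0")
    for line in cart:
        sku, qty = line["sku"], int(line["qty"])
        if sku not in CATALOG or qty <= 0:
            raise ValueError(f"invalid line item: {line}")
        total += CATALOG[sku] * qty
    return total


def hardened_charge(request: dict) -> Decimal:
    """Charge the server-computed total. The client's "amount" is only
    compared against it to detect (and log) tampering, never used as the charge."""
    expected = server_total(request["cart"])
    claimed = Decimal(str(request["amount"]))
    if claimed != expected:
        # A mismatch here is a strong signal of request tampering; alert on it.
        raise TamperedAmount(f"client reported {claimed}, server computed {expected}")
    return expected


# Constructed request: two items (49.99 + 2 * 15.00 = 79.99), with the
# client-side "amount" field altered to 0.01.
TAMPERED_REQUEST = {
    "cart": [{"sku": "sku-100", "qty": 1}, {"sku": "sku-200", "qty": 2}],
    "amount": "0.01",
}
```

Running both handlers on TAMPERED_REQUEST shows the difference: the vulnerable one returns a charge of 0.01, the hardened one raises TamperedAmount.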