My First Bug!

SAI CHARAN
Oct 7, 2021

Parameter Tampering.


First, what is parameter tampering?

As the name suggests, parameter tampering is the manipulation of parameters that are exchanged between the client and server through HTTP requests and responses. These parameters carry information such as currency type, country code, price, permission, etc., which are used to increase the functionality of a website and to modify application data.

If manipulated data is sent to the server and the server does not verify the data or process it securely, the application can be manipulated. This is known as a parameter tampering attack.
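The missing server-side verification described above, shown as an added example (not code from the original post or from the affected site): a checkout handler that trusts the posted amount next to one that recomputes the total from its own catalogue and flags a mismatch. The handler names, SKUs and catalogue are hypothetical, and the quantity check goes slightly beyond the price case in this post.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side catalogue: the only authoritative source of prices.
CATALOG = {"sku-1001": Decimal("999.00"), "sku-2002": Decimal("49.50")}


class TamperingDetected(Exception):
    """Client-supplied amount disagrees with the server's own total."""


def checkout_vulnerable(form):
    # Weak: whatever amount the client posted is charged at the gateway.
    return Decimal(form["amount"])


def checkout_hardened(form, catalog=CATALOG):
    """Return the amount to charge, computed only from server-side data."""
    sku = form.get("sku")
    if sku not in catalog:
        raise ValueError("unknown product")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValueError("quantity must be an integer") from None
    if not 1 <= qty <= 100:
        # Negative or huge quantities are another way to distort the total.
        raise ValueError("quantity out of range")

    total = catalog[sku] * qty

    # The client value is never used for charging. If one was sent and it
    # differs from the server total, reject and surface it for logging.
    claimed = form.get("amount")
    if claimed is not None:
        try:
            claimed_amount = Decimal(claimed)
        except InvalidOperation:
            raise TamperingDetected("amount is not a number") from None
        if claimed_amount != total:
            raise TamperingDetected(f"client sent {claimed_amount}, expected {total}")
    return total
```

The same recomputed total should be the value handed to the payment gateway, so nothing the browser can edit reaches the charge.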

Now straight to the vulnerability,

I was specifically looking for parameter tampering vulnerabilities on an e-commerce website using Burp Suite. I was trying basic amount manipulation by changing the amount of money, by capturing the response in Burp Suite.

  • I opened the website, created an account and ordered a 999 product. Then I started my Burp, captured the request, manipulated the request to 1 and sent that response to the website.

Original Amount.

The payment gateway was PayPal; the response got redirected to the payment page.

Manipulated Amount.

I reported this bug, they fixed it, and it got accepted.

Thanks for reading!

I hope you got to learn something new.
