Hi, it's Y0gi here, back again with a new writeup. Here we are going to look at one vulnerability which I discovered back in December 2021 while I was learning logic bugs in depth.
So it was Christmas Eve, and I was learning logic bugs (yeah, this line is very lame and the context is messy, but we are not writing a story here, so focus on the writeup). I was going through the Online-Shopping by @0xAwali, and there were slides related to manipulating the quantity of cart items.
So after learning about that I decided to test on a real site, and I don't remember why, but I chose Bewakoof.com as my target. So I quickly created an account and proceeded.
I added 2 of the same item to the Bewakoof cart, then chose another item of the same price as the former and added it to the cart as well.
After that, I increased the quantity of the latter one to 2 and intercepted the request in Burp Suite. Now I changed the parameter “quantity”:2 to -2, which is a negative quantity, and forwarded the request. The price of the former product got nullified by this, resulting in a total price of 0. Boom!!! We could buy the product for free now.
But wait a minute,
When I tried to continue and finalize the order, I couldn't. So I added another product to the cart, and this time I was allowed to proceed. I noticed that the reason behind this is that when I was balancing the price of one product against another to 0, the Bag quantity was also being changed to 0, and the server does not allow completing a purchase with a Bag value of 0. But a third product successfully allows the purchase of all of them by paying the price of only one. Another way is: if you don't balance the whole price of one product, the site also allows you to complete payment and place the order.
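A server-side check that rejects the negative quantity described above, shown next to the flawed "bag count is not 0" pattern. This is an added example, not part of the original writeup and not Bewakoof's code; every name, the price, the SKUs and the per-line limit are assumptions, and the carts are constructed.

```python
from dataclasses import dataclass
from decimal import Decimal

MAX_QTY_PER_LINE = 10  # assumed business limit, not taken from the site


class CartError(ValueError):
    pass


@dataclass(frozen=True)
class CartLine:
    sku: str              # constructed SKU names
    unit_price: Decimal   # looked up server-side, never sent by the client
    quantity: int         # client-supplied, so untrusted


def naive_total(lines):
    """Flawed pattern: only the summed bag quantity is checked."""
    if sum(line.quantity for line in lines) == 0:
        raise CartError("bag is empty")
    return sum(line.unit_price * line.quantity for line in lines)


def validated_total(lines):
    """Validate every line on its own before any price arithmetic."""
    if not lines:
        raise CartError("bag is empty")
    total = Decimal("0")
    for line in lines:
        qty = line.quantity
        if isinstance(qty, bool) or not isinstance(qty, int):
            raise CartError(f"{line.sku}: quantity must be an integer")
        if not 1 <= qty <= MAX_QTY_PER_LINE:
            raise CartError(f"{line.sku}: quantity {qty} out of range")
        total += line.unit_price * qty
    return total


# Constructed carts mirroring the cases in the writeup.
PRICE = Decimal("499.00")
BALANCED = [CartLine("tee-a", PRICE, 2), CartLine("tee-b", PRICE, -2)]
WITH_THIRD = BALANCED + [CartLine("tee-c", PRICE, 1)]
PARTIAL = [CartLine("tee-a", PRICE, 2), CartLine("tee-b", PRICE, -1)]
HONEST = [CartLine("tee-a", PRICE, 2), CartLine("tee-c", PRICE, 1)]
```

The aggregate check only stops the fully balanced cart; the per-line range check stops every cart that contains a non-positive quantity, whatever the other lines add up to.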
So I searched whether Bewakoof has any RDP or VDP and I came across this: https://www.bewakoof.com/contact-us/anotherquery/i-would-like-to-report-a-bug
I quickly made a PoC and reported it in December through the form, and 2 days later I got a response saying they had forwarded the concern to the dev.
On February 6th I got a response which looks like this. I wrote back to them saying at least a proper thanks is expected, and they literally sent the same mail again with a different name from Customer Care on 8th February.
I am like WTF yaar. Some people may say "eehh, you are doing BegBounty". No, I am not expecting a bounty or any reward or anything, but I can expect proper appreciation in response, like a manual reply and not some copy-paste bot message. Anyway, here is the bug writeup. I hope you enjoy this writeup.
For more cyber sec content you can subscribe to my YouTube channel, as I post videos there regarding bug bounty: https://www.youtube.com/channel/UCNlqBZY36HeKE3pPj6nvOrA and you can also follow me on Twitter: https://twitter.com/AnonY0gi