Price Manipulation Methods

Method 1

• If the product price parameter cannot be changed, change the quantity of products:

• items[1][quantity]= 1 –> 234 EUR

• items[1][quantity]= 0.1 –> 23.4 EUR

• Congratulations, you bought the order for 10% of the price!

Method 2

• Add 2 products to the basket – let’s consider a single product is $40

• If the request is processed in this way: {“items”:{“laptop”:1,”mobile”:1}}

• Change the JSON body to: {“items”:{“laptop”:4,”mobile”:-2}}

• The cost will become $20 for 2 items: 4 * $40 – 2 * $70 = $160 – $140 = $20

Method 3

• Select any item to purchase

• Select PayPal as a payment method, intercept all the requests

• Until you got a parameter called ‘amount’ from PayPal

• Manipulate with the price and change it to 0.01$

• Pay, and wait for the confirmation