Bug Bounty Writeup $$$ || Parameter Tampering
What is Parameter Tampering?
This parameter tampering can be said to be a method of manipulating the parameters that will be sent to the server to modify the data to be sent.
This cybersecurity vulnerability entails tempering or modifying the parameters associated with the client and server. The critical-most parameters that are generall accessed, via multiple techniques, and are further modified so that a specific data/credential/information is obtained.
Here, the targeted parameter could be anything. It could be the sales data or user credentials. Only web application parameters, stockpiled in URL Query Strings, cookies, HTTP headers, and hidden fields in HTML forms, are used for this attack. Let’s learn about all these in detail.
Scenario
basically the bug that I found can be said to be critical if we understand social engineering techniques, so why? I will explain below.
This happened when I wanted to shop for an item on one of the e-commerce websites, initially I wanted to order normally, immediately I thought of testing the order page.
Surely your friends have made payments on shopping websites such as Shopee and Tokopedia or other online shopping websites.
In this payment feature we can manipulate numbers, for example, friends should pay Rp.100,000 to the seller’s shop, with this bug friends can manipulate only pay Rp.10,000.
And I have tried this method on the shopping website **** and it works.
Let’s get straight to how I did it all
Step By Step
Of course, we have to go through this step first to order, but this is not the vulnerability, let’s continue.
You can see the details above that I ordered 10 items and the normal price is Rp.70,000 (I rounded up) and if I ordered 10 then the total is Rp.700,000 including shipping costs.
Then I continued shopping, and received a request from the server as shown below
In the total parameter, we can change the value from Rp.729,000 to Rp.2,000 and immediately I tried to send it back to the server and said it was valid.
at the time, I was very happy that this was a valid vulnerability.
and this vulnerability was declared valid by the team and they provided a bug bounty
Timeline:
- 11/01/2023 Report
- 25/01/2023 Send report again because there are no response
- 15/02/2023 Fix and Hall of Fame
- 09/03/2023 Bug Bounty $$$
