There is a Business logic vulnerability that can change the payment price.

First we have selected seven items. The price is ¥6*7=¥42.
![1](https://user-images.githubusercontent.com/37445725/44817140-08ffb080-ac17-11e8-9d08-86177c4839af.png)
Then we can get the request package.
![2](https://user-images.githubusercontent.com/37445725/44817142-09984700-ac17-11e8-9311-2f5b6655d522.png)
We changed the value of the parameter item_totals to 0.
![3](https://user-images.githubusercontent.com/37445725/44817143-09984700-ac17-11e8-9005-d06dce9d6faf.png)
So we can get free products like this.
![4](https://user-images.githubusercontent.com/37445725/44817144-09984700-ac17-11e8-92ba-013fd3adbaa8.png)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

There is a Business logic vulnerability that can change the payment price. #5

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

There is a Business logic vulnerability that can change the payment price. #5

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions