PortSwigger - Business Logic Vulnerabilities - Lab 1

Lab 1 - Excessive trust in client-side controls

Lab Objective:

This lab doesn’t adequately validate user input. You can exploit a logic flaw in its purchasing workflow to buy items for an unintended price. To solve the lab, buy a “Lightweight l33t leather jacket”.

You can log in to your own account using the following credentials: wiener:peter

Reference:
PortSwigger - Lab 1
Rana Khalil - Business Logic Vulnerability - Lab1
Python Script

Solution


1. Log in with the provided credentials wiener:peter.

2. Click on Home to see the shop.

[Screenshot: Business Logic Vulnerability - Shop]

3. Click on "View details" for the Lightweight "l33t" Leather Jacket product.

[Screenshot: Business Logic Vulnerability - Product Detail]

4. Intercept the request that adds the Lightweight "l33t" Leather Jacket to your cart.

[Screenshot: Business Logic Vulnerability - Cart Request]

5. Change the price parameter in the intercepted request and forward it.

[Screenshot: Business Logic Vulnerability - Cart Request, Price Adjusted]

6. Navigate to your cart and purchase the Lightweight "l33t" Leather Jacket for $0.01.

[Screenshot: Business Logic Vulnerability - Purchase Item]

[Screenshot: Business Logic Vulnerability - Lab 1 Solved]
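The root cause behind step 5 is a server that takes the price from the client's add-to-cart request instead of from its own catalog. The following is an added Python example, not the lab's or PortSwigger's code, showing that handler in its flawed shape beside the fixed one; the catalog, the product prices, the request field names and the assumption that `price` is sent in cents are all constructed for illustration.

```python
# Added example (not the lab's code): an add-to-cart handler that trusts a
# client-supplied price, beside one that looks the price up server-side.
# The catalog, prices and request fields below are constructed.
from dataclasses import dataclass, field

# Constructed server-side catalog: the only legitimate source of prices.
CATALOG = {
    1: ('Lightweight "l33t" Leather Jacket', 1337.00),
    2: ("Constructed sample item", 10.00),
}


@dataclass
class Cart:
    lines: list = field(default_factory=list)  # (product_id, unit_price, qty)

    def total(self) -> float:
        return round(sum(price * qty for _, price, qty in self.lines), 2)


def add_to_cart_vulnerable(cart: Cart, form: dict) -> Cart:
    """The lab's flaw: the unit price is read from the POST body.

    Anything the client sends (here assumed to be in cents) is accepted, so
    a request rewritten in an intercepting proxy sets the cart total."""
    product_id = int(form["productId"])
    price = float(form["price"]) / 100
    qty = int(form["quantity"])
    cart.lines.append((product_id, price, qty))
    return cart


def add_to_cart_hardened(cart: Cart, form: dict) -> Cart:
    """The fix: ignore any client-supplied price and resolve it server-side.

    Only the product id and quantity are taken from the request, and both
    are validated before the line is added."""
    product_id = int(form["productId"])
    qty = int(form["quantity"])
    if product_id not in CATALOG:
        raise ValueError("unknown product")
    if qty < 1:
        raise ValueError("quantity must be positive")
    _, price = CATALOG[product_id]
    cart.lines.append((product_id, price, qty))
    return cart


# Constructed tampered request: the jacket with its price field set to 1 cent.
TAMPERED = {"productId": "1", "quantity": "1", "price": "1"}
```

Running both handlers over the same tampered request shows the vulnerable cart totalling $0.01 while the hardened cart charges the catalog price, which is the server-side check the lab's workflow lacks.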


This post is licensed under CC BY 4.0 by the author.