Unveiling the Peril of Parameter Tampering: Safeguarding Premium Memberships
Introduction of Parameter tampering
Vulnerabilities and security problems can pose serious hazards to online platforms and their users in the wide digital realm. Parameter tampering is one such flaw that needs our attention since bad actors frequently use it to change crucial data. This blog seeks to educate readers on the risks of parameter tampering in the context of premium membership purchases and offers advice on how to shield your website's visitors from this sneaky peril.
A web application's intended functionality can be changed by changing the parameters given in a URL or HTTP request, a practise known as parameter tampering. Attackers may use this flaw to get around security safeguards, obtain access without authorization, or modify sensitive data. Parameter tampering can allow users to get around payment systems when purchasing premium memberships, giving them unrestricted access to premium services without having to pay.
Now let's talk how to hunt
When I suddenly go for a dating website and discover that I am unable to view every member's profile because I do not have a premium membership.
I decide to try something different. I try to buy a pricey membership when I get to the purchase dashboard.
So let's start a burp suit and capture the purchase request. Now that you can see the amount in the request,
let's change the amount and forward the request.
After
that, you can see that the page has been redirected to the PAYU BIZ
payment gateway and that the price has been successfully changed.
Let's buy the membership right now, Lat, and exploit the flaw.
0 Comments