Bug on Coderbounty - Vulnerability Name : Parameter Tampering (allows a user to tamper with the amount they need to pay)
Vulnerable URL : http://www.coderbounty.com/post/?url=http%3A%2F%2Fgithub.com%2FCoderBounty%2Fcoderbounty%2Fissues%2F165
Vulnerable Parameter (Tamperable) : grand_total
Vulnerability :
The grand_total parameter is sent from the client during the PayPal checkout and the server trusts it as the amount to be paid. By intercepting and modifying this parameter in transit, an attacker can set the price they pay to any value they choose.
How to reproduce this issue:
Exact steps to reproduce this parameter tampering vulnerability:
1). Open the browser with Burp Suite configured as the proxy and proceed to the payment options.
2). Go to the URL above and intercept the request in Burp Suite while forwarding it.
3). Select PayPal as the payment method; keep intercepting and forwarding requests in Burp Suite until you find the parameter 'grand_total'.
4). Modify the 'grand_total' parameter to the desired amount.
5). Log in with your PayPal account to pay the grand_total.
6). The amount payable shown on the PayPal side is now the modified value from the 'grand_total' parameter, not the real price.
7). The attacker can therefore pay the tampered amount and complete the payment for that value.
POC :
Screenshot attached in attachments.
http://www.coderbounty.com/post/?url=http%3A%2F%2Fgithub.com%2FCoderBounty%2Fcoderbounty%2Fissues%2F165
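The root cause described above is a server that builds the PayPal order from a client-supplied total instead of from its own record of the bounty. The following is an added example written for this write-up, not Coderbounty's own code. It models a hypothetical checkout in plain Python: the vulnerable handler that trusts grand_total, the hardened handler that recomputes the total from server-side state, a signed-total variant for cases where the amount must round-trip through the browser, and a second check on the payment callback. The bounty amounts, fee, currency, secret key and all function names are assumptions; only the issue URL comes from the report.

```python
import hmac
import hashlib
from decimal import Decimal, InvalidOperation

ISSUE = "http://github.com/CoderBounty/coderbounty/issues/165"

# Constructed sample of server-side bounty records keyed by issue URL.
# The amount is made up for this example.
BOUNTIES = {
    ISSUE: Decimal("50.00"),
}
PROCESSING_FEE = Decimal("2.50")     # assumed flat fee added to every bounty
CURRENCY = "USD"                     # assumed
SECRET_KEY = b"server-side-secret"   # assumed; in a Django app this would be settings.SECRET_KEY


def vulnerable_build_order(form):
    """Builds the PayPal order from the client's own grand_total field.

    This is the behaviour the report describes: whatever value Burp forwards
    in grand_total becomes the amount PayPal asks the user to pay.
    """
    return {"issue": form["url"], "amount": Decimal(form["grand_total"]), "currency": CURRENCY}


def expected_total(issue_url):
    """The only authoritative total: computed from server-side state."""
    return BOUNTIES[issue_url] + PROCESSING_FEE


def hardened_build_order(form):
    """Ignores any client-supplied total and recomputes it from the bounty record."""
    issue = form.get("url")
    if issue not in BOUNTIES:
        raise ValueError("unknown issue")
    return {"issue": issue, "amount": expected_total(issue), "currency": CURRENCY}


def sign_total(issue_url, amount):
    """If the total must round-trip through the browser, bind it to the issue with an HMAC."""
    msg = f"{issue_url}|{amount}|{CURRENCY}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def verify_signed_total(form):
    """Accept grand_total only when its signature matches; returns the amount or None."""
    try:
        amount = Decimal(form["grand_total"])
    except (KeyError, InvalidOperation):
        return None
    expected_sig = sign_total(form.get("url", ""), amount)
    # Constant-time comparison so the check itself does not leak the signature.
    if not hmac.compare_digest(expected_sig, form.get("grand_total_sig", "")):
        return None
    return amount


def confirm_payment(issue_url, paid_amount, paid_currency):
    """Second line of defence on the PayPal callback: the amount actually paid must
    equal the server-side expectation, otherwise the payment is not accepted."""
    try:
        paid = Decimal(paid_amount)
    except InvalidOperation:
        return False
    return paid_currency == CURRENCY and paid == expected_total(issue_url)


if __name__ == "__main__":
    # What an attacker forwards from Burp after editing grand_total.
    tampered = {"url": ISSUE, "grand_total": "0.01"}
    print("vulnerable amount:", vulnerable_build_order(tampered)["amount"])   # 0.01
    print("hardened amount:  ", hardened_build_order(tampered)["amount"])     # 52.50
    print("callback with 0.01 accepted?", confirm_payment(ISSUE, "0.01", "USD"))
    print("callback with 52.50 accepted?", confirm_payment(ISSUE, "52.50", "USD"))
```

The hardened handler is the real fix: the client should never be able to influence the amount. The signed-total variant is only for flows where a total genuinely has to pass through the browser, and even then the callback check is still needed, because the payment provider reports what was actually paid, which is the value that matters before a bounty is marked as funded.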