How I Bought VPS, Hosting, Domain for only $0.01 | Bug Bounty
Hello guys, my name is Rafli Pasya.
This story is going to tell you how I found a simple vulnerability with huge impact.
So okay, let’s start my story.
By the way, guys, I found this kind of vulnerability on 2 different local sites:
1. redacted.net (online store)
2. redacted.com (web hosting service)
That day I wanted to buy RDP for recon. I visited the redacted.net website, where I saw the “PayPal Checkout” button. Usually an online store only sends POST data to PayPal (/cgi-bin/webscr), including the amount that needs to be paid, so I could definitely change the price.
Note: it sometimes works with Braintree Payments too, if there is no filter/validator before or after the transaction.
redacted.net sends a POST request to PayPal like this:
If any hacker finds this request, they will change the price and tax amount like this:
After paying $0.01 I got an email from redacted.net saying that I had paid.
I clicked the “Confirm My Payment” button, then I saw my order changed to “Paid”.
The second bug I found was at a hosting service provider.
This website didn’t check the total amount I had paid.
They just checked the Trx ID; if it was successful they would activate my hosting…
Note: this vulnerability is fixed in WHMCS. Any hosting provider using WHMCS is not vulnerable anymore, because they check the amount I paid:
if it is less than the total bill, I have to pay the rest again.
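To show the difference between the weak check both sites had and the one WHMCS now does, here is an added example (not code from the write-up or from WHMCS). It assumes a server-side payment notification with PayPal-IPN-style field names and a constructed sample order; the hardened version compares what was actually paid against the stored invoice instead of trusting the transaction id alone.

```python
from dataclasses import dataclass
from decimal import Decimal

# Constructed sample data for this example; not taken from the original write-up.
ORDER = {"invoice": "INV-1001", "amount": Decimal("90.00"),
         "currency": "USD", "status": "unpaid"}
RECEIVER_EMAIL = "merchant@example.com"   # assumption: the store's own PayPal account


@dataclass
class PaymentNotification:
    """Fields the payment processor reports back after checkout (IPN-style names).

    These must come from the processor's server-to-server notification, not
    from the browser redirect, since the browser is under the buyer's control.
    """
    invoice: str
    txn_id: str
    payment_status: str
    mc_gross: Decimal       # amount actually paid
    mc_currency: str        # currency actually paid in
    receiver_email: str     # account that received the money


def verify_vulnerable(n: PaymentNotification, order: dict) -> bool:
    """The weak check from the write-up: a completed transaction id is enough."""
    return n.invoice == order["invoice"] and n.payment_status == "Completed"


def verify_hardened(n: PaymentNotification, order: dict, seen_txn_ids: set) -> bool:
    """Mark the order paid only if the payment matches the invoice in every field."""
    if n.invoice != order["invoice"] or order["status"] != "unpaid":
        return False
    if n.payment_status != "Completed":      # pending/refunded payments do not count
        return False
    if n.txn_id in seen_txn_ids:             # replay of an old notification
        return False
    if n.receiver_email.lower() != RECEIVER_EMAIL:   # money went to another account
        return False
    if n.mc_currency != order["currency"]:   # 90 IDR is not 90 USD
        return False
    if n.mc_gross < order["amount"]:         # the $0.01 case from the write-up
        return False
    return True
```

The checks are deliberately all-or-nothing; in a real integration the notification would first be echoed back to the processor for validation before any of these comparisons run.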
I paid $0.01 for Rp 1.226.954 (around $90-$95).
I immediately reported this issue to them. I got a nice bounty from the hosting provider; the online store gave me less xD (better than nothing).
1 Nov 2019 = Found this issue on redacted.net and then reported it.
2 Nov 2019 = Found this issue on redacted.com and then reported it.
3 Nov 2019 = Bug fixed and awarded $500 from redacted.com.
4 Nov 2019 = Bug fixed and awarded Rupiah 1 Million from redacted.net.
Thanks for reading this write-up, guys!
Remember! Always read bug bounty write-ups on Pentester Land; it’s useful to help you.