Most corporates do not focus on their internal security. They think that they are secure because their internal assets are accessible only internally. But red team members know very well how an attacker can exploit internal infrastructure.
Voice over Internet Protocol (VoIP) has seen rapid implementation over the past few years. Most of the organisations which have implemented VoIP are either unaware of, or ignore, the security issues with VoIP and its implementation. Like every other network, a VoIP network is also susceptible to abuse.
Possible attacks against VoIP:
Price manipulation is a test case for price tampering. Generally, penetration testers change the amount value of the product (e.g., shoes, T-shirt, flight ticket, etc.) from Rs.XXXX (or $XXXX) to Rs.1 (or $1) in price tampering. Sometimes, penetration testers change the currency format, meaning from dollars to INR or others.
So, I am not gonna talk about the above cases here. I found a unique case of price manipulation. I am not gonna paste any PoCs, requests or responses here. If you have a doubt, then contact me on Twitter or LinkedIn.
I tested an e-commerce web application. I tried all the cases for price manipulation but had no success: I tried to change the product’s original amount value to 1 but it gave me an error, and I tried to change the currency format, like dollar to INR, but had no success. …
Hi Infosec guys!!!! Hope you are doing well. If you are here then you are interested in learning more n more. This finding is not unique for some 1337 infosec guys but most of the guys do not test this case.
I tested an e-commerce application with my checklist specific to e-commerce applications. I found many vulnerabilities in that application, such as OTP in response, price manipulation, quantity manipulation, etc.
Here, I will talk about adding an amount to the wallet and how I misused it to get a bug bounty of thousands of dollars. I will use www.redacted.com as the target’s host.
I created an account and went to the wallet section. I had 0 INR at the start. …