🐧
Hassan Saad
  • WHO AM I ?
  • Red Teaming
    • C2 Infrastructure
    • External Reconnaissance
    • Initial Compromise
      • Executable File (EXE)
      • HTML Application (HTA)
      • Visual Basic (VBA Macros)
      • Password Spraying
      • MITM Attack
      • Email Spoofing
    • Host Reconnaissance
      • Seatbelt
      • Screenshots & Keylogging
    • Host Persistence
      • Task Scheduler
      • Startup Folder
      • Registry AutoRun
      • COM Hijacking
    • Host Privilege Escalation
      • Automated Tools
      • Unquoted Service Path
      • Weak Service Permission
      • Weak Service Binary
      • Always Install Elevated
      • UAC Bypass
    • Domain Reconnaissance
      • PowerView
      • BloodHound
      • Linux Host
      • Internal Applications
    • Lateral Movement
      • PowerShell Remoting
      • PsExec
      • WMI
      • DCOM
    • Credentials Access
      • LogonPasswords
      • Security Account Manager (SAM)
      • Domain Cached Creds
      • Kerberos Tickets
      • DPAPI
      • User Impersonation
      • Pass The Hash
      • Over Pass The Hash
      • Internal Password Spraying
      • Sniffing
      • NTLM Relay
    • Pivoting & Forwarding
      • SOCKS Proxy
      • Reverse Port Forwards
      • Local Port Forwards
      • Session Passing
      • P2P Listeners
      • NTLM Relay
    • Kerberos
      • Authentication
      • Kerberoasting
      • ASREP-Roasting
      • Unconstrained Delegation
      • Constrained Delegation
      • Linux Credential Cache
    • Group Policy
      • Enumeration
      • RSAT (GPMC)
      • Sharp GPO Abuse
    • Access Control Lists (DACL)
      • GenericAll
      • WriteDacl
      • WriteOwner
    • MS SQL Servers
      • Enumeration
      • NetNTLM Capture
      • Command Execution
      • Lateral Movement
      • Privilege Escalation
    • Domain Dominance
      • DCSync Backdoor
      • AdminSDHolder
      • Remote Registry Backdoor
      • Skeleton Key
      • Silver Ticket
      • Golden Ticket
    • Forest & Domain Trusts
      • Parent/Child
      • One Way (Inbound)
      • One Way (Outbound)
    • Evasion Techniques
      • Obfuscation
      • Process Injection
      • LAPS
      • AppLocker
      • PowerShell Constrained Mode
      • AMSI
      • Antivirus Exclusion
  • Penetration Testing
    • Information Gathering
    • Scanning
    • Exploitation
    • Post Exploitation
    • Password Attacks
    • Web Attacks
    • Exploit Development
  • Technology Essentials
    • Linux
      • Basics
      • Tasks
    • Windows
      • Basics
      • Tasks
    • Network
      • Basics
      • Tasks
    • Programming
      • Basics
      • Tasks
  • Bug Hunting
    • XSS on Nokia
    • XSS on Wuzzuf
    • Business Logic Flaw on Souq (Amazon Company)
    • Rate Limit Bypass on LinkedIn
    • Sensitive Data Exposure on Google
  • Tools
    • Recon Hunter
    • Mail Hunter
    • Mobile Hunter
    • Chimera (Threat Hunter)
  • Extras
    • SQL Injection
    • Web Basics
    • Mobile Testing
      • Mobile Testing 1
      • Mobile Testing 2
      • Mobile Testing 3
Powered by GitBook
On this page
  1. Bug Hunting

Business Logic Flaw on Souq (Amazon Company)

PreviousXSS on WuzzufNextRate Limit Bypass on LinkedIn

Last updated 2 years ago

Vulnerability Writeup

Affected Endpoint: https://egypt.souq.com/eg-ar/account.php

How to Reproduce

1- Select any product you want to buy, but must have the free shipping option above a specific amount of money, for example, Gym Bar which cost 139 EG pounds has a free shipping option if you buy things above 250 EG pounds.

2- Then if you buy one product below the free shipping limit the total price will be the product price + the shipping price, for example, 139 + 26 = 165 EG pounds.

3- Now buy things above the free shipping limit, for example, you can buy two Gym Bar which will cost 278 EG pounds and make the purchase.

4- Visit this link https://egypt.souq.com/eg-ar/account.php and cancel one of your items, for example, we will cancel one of the Gym Bar so the remaining items will be only one Gym Bar which will cost 139 EG pounds the original price without the shipping price, so the total price would be 139 EG pounds instead of 165 EG pounds.

Impact

This vulnerability can lead to a decrease in the price of the products by deleting the shipping price of the product and this leads to money loss for the company.

Proof of Concept