Price Manipulation Bypass Using Integer Overflow Method

Introduction

Integer Overflow

Exploitation

  1. I ordered 9223372036854775808 of item A.
  2. Upon submitting, the quantity became -9223372036854775808, proving the existence of the integer overflow bug.
  3. I ordered another 9223372036854775800 of item A, so I had -8 items of item A in total.
  4. Now my cart total was -$80.
  5. I ordered 1 item of item B ($80).
  6. Now my cart total was $0.00.
  7. At first, I thought this was just a visual bug and that there was probably another check on the server for negative quantities. To be sure that this was not a visual bug, I checked out my cart and paid using PayPal. To my surprise, the bug worked and I paid for my items for FREE.
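The root cause in the steps above is a signed 64-bit quantity that wraps silently: 2^63 does not fit in an int64 and becomes -2^63, and the cart total is then computed from that negative count with no server-side check. The Go program below is an added example, not code from the post or from the affected shop. It reproduces the wrap with the post's numbers against a constructed cart (item A at an assumed $10.00, item B at $80.00, in cents), then shows the defender's fix: parse the quantity with `strconv.ParseInt`, which reports an out-of-range error instead of wrapping, enforce a positive quantity and an assumed business limit, and recompute the total with overflow-checked arithmetic so a negative or wrapped total can never reach payment. All names (`LineItem`, `vulnerableTotal`, `safeTotal`, `parseQuantity`, `maxQuantity`) are mine.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"strconv"
)

// LineItem mirrors a cart row whose quantity lives in a signed 64-bit column.
// Prices (in cents) and names are constructed for this example.
type LineItem struct {
	Name       string
	PriceCents int64
	Quantity   int64
}

// vulnerableTotal reproduces the behaviour described in the write-up: the
// quantity is used as supplied and int64 arithmetic is allowed to wrap.
func vulnerableTotal(items []LineItem) int64 {
	var total int64
	for _, it := range items {
		total += it.PriceCents * it.Quantity // wraps silently on overflow
	}
	return total
}

var (
	ErrBadQuantity = errors.New("quantity must be a positive integer within the allowed limit")
	ErrOverflow    = errors.New("arithmetic overflow in cart total")
)

// maxQuantity is an assumed business limit; a real shop would tune it per item.
const maxQuantity = 10_000

// parseQuantity rejects input that does not fit in int64 (ParseInt returns an
// error instead of wrapping), non-positive values, and absurdly large orders.
func parseQuantity(raw string) (int64, error) {
	q, err := strconv.ParseInt(raw, 10, 64)
	if err != nil {
		return 0, ErrBadQuantity
	}
	if q <= 0 || q > maxQuantity {
		return 0, ErrBadQuantity
	}
	return q, nil
}

// mulChecked multiplies two non-negative int64 values, failing on overflow.
func mulChecked(a, b int64) (int64, error) {
	if a < 0 || b < 0 {
		return 0, ErrOverflow
	}
	if a != 0 && b > math.MaxInt64/a {
		return 0, ErrOverflow
	}
	return a * b, nil
}

// addChecked adds two non-negative int64 values, failing on overflow.
func addChecked(a, b int64) (int64, error) {
	if a > math.MaxInt64-b {
		return 0, ErrOverflow
	}
	return a + b, nil
}

// safeTotal recomputes the total server-side with every step checked, so a
// negative quantity or a wrapped sum is rejected before the payment step.
func safeTotal(items []LineItem) (int64, error) {
	var total int64
	for _, it := range items {
		if it.Quantity <= 0 || it.PriceCents < 0 {
			return 0, ErrBadQuantity
		}
		line, err := mulChecked(it.PriceCents, it.Quantity)
		if err != nil {
			return 0, err
		}
		if total, err = addChecked(total, line); err != nil {
			return 0, err
		}
	}
	return total, nil
}

func main() {
	// The two orders of item A from the write-up: 9223372036854775808 (2^63)
	// wraps to -2^63 when stored as int64, and adding 9223372036854775800 gives -8.
	var qtyA int64 = math.MinInt64 // what 9223372036854775808 became after the wrap
	qtyA += 9223372036854775800     // -8
	cart := []LineItem{
		{"Item A", 1000, qtyA}, // assumed $10.00 each, -8 in cart
		{"Item B", 8000, 1},    // $80.00
	}
	fmt.Printf("vulnerable total: $%.2f\n", float64(vulnerableTotal(cart))/100) // $0.00
	_, err := safeTotal(cart)
	fmt.Println("hardened total:", err) // rejected
	_, err = parseQuantity("9223372036854775808")
	fmt.Println("parse 2^63:", err) // rejected before it can ever wrap
}
```

The decisive control is the last one: the price is recomputed on the server from validated quantities at checkout, rather than trusting the cart total that the client displayed. Range-checking the quantity at parse time is the first line of defence, but the checked arithmetic catches the case where a stored value was already corrupted by an earlier write.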

Future Engineer | Bug Bounty Hunter

Marx Chryz Del Mundo