API Payments 01

This exercise covers a simple payments bypass.

< 1 Hr.
API Badge


In this challenge, you will explore the flow of a shopping application that uses a payment gateway to process payments. When clients decide to check out, they are redirected to the payment gateway, where they can either cancel the payment and get redirected back to the shopping application or complete the payment and get redirected back to the shopping application. Your task is to manipulate this flow to convince the shopping application that a payment was made, even if it wasn't.

The video demonstrates how to exploit this vulnerability. By examining the URL parameters provided by the payment gateway, you can identify the success and cancel URLs. By directly accessing the success URL, you can trick the shopping application into believing that the payment was successful, thereby obtaining the key for the challenge. This exercise highlights the importance of validating payment confirmations within the shopping application itself.

Want to learn more? Get started with PentesterLab Pro! GO PRO