API Payments 04

This exercise covers how to abuse a shopping cart allowing users to apply a voucher..

< 1 Hr.
API Badge


In this challenge, your objective is to identify a vulnerability in the application's voucher management system. You start with a voucher code "HACKTHEPLANET" with a value of $20. By leveraging tools like Burp Suite, you will intercept and manipulate network requests to apply the voucher multiple times.

The video demonstrates a step-by-step approach to exploit this vulnerability. You will learn how to use Burp Suite to capture the request for applying the voucher and replay it enough times to reduce the total payable amount to less than $10. This manipulation will allow you to successfully complete the transaction and obtain the key for the challenge.

Want to learn more? Get started with PentesterLab Pro! GO PRO