webProeasy

Lab 216 — ShelfWave — IDOR Price Manipulation in Checkout

hackadvisor

Task: ShelfWave checkout lets the browser submit product IDs, quantities, and prices for cart items. Solution: add the expensive Enterprise Vault Access product, then POST checkout JSON with its price changed to 0.01.

$ ls tags/ techniques/
client_side_validationidorbroken_access_controlprice_manipulationecommerce
idor_exploitationparameter_tamperingcheckout_price_manipulation
🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Sign in with GitHub to continue. No email required.

$sign in

$ grep --similar

Similar writeups