Hey guys, Vikram here. This is my first writeup and it is not clickbait. Coming to the topic, one night I sat down with my laptop open like I do every day and suddenly thought, why not have fun with some vulnerable sites? Recently I have been searching for bugs on websites so that I could report them. You might have heard about how hackers hack into websites and buy everything for free or at cheap prices. This is a small demonstration of how they do it.
The website https://www.w3schools.com offers a certification which costs around $95. Here I will show how to get it for just $1 using a web proxy tool. I used UC Browser and Burp Suite.
Step 1: Inspect the traffic with Burp Suite Pro.
Here it clearly shows that the Python certification costs around $95. Burp is a tool that captures all the requests and responses between the browser and the server.
Step 2: Now let's inspect with Burp and change it to $1.
The image below shows Burp Suite, through which I intercepted the traffic and changed the parameter value to 01 instead of 95. Currently, it shows 95 highlighted.
Now I have changed it to $01 and forwarded the request to the server. The server will ask me to pay just $1 instead of $95.
Step 3: Now check the PayPal page. It's asking for only $1.
Anyone with basic knowledge of Burp Suite can do this. Though I have reported this to them many times, I haven't got a proper reply about fixing it, so I am disclosing it openly. I want to say one thing: if you are ever doing random web hacking, do not harm anyone or any site, as it might land you in trouble. Use your skills in good ways.
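The root cause in the steps above is a server that charges whatever price the browser sends. The sketch below is an added example, not code from this writeup or from the site: it puts that flawed pattern beside a handler that takes the price from a server-side catalog and re-checks the amount the payment processor reports before fulfilling. The field names `item` and `amount`, the catalog contents and all function names are assumptions.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side catalog: the only trusted source of prices.
CATALOG = {"python-cert": Decimal("95.00")}


def build_order_vulnerable(form):
    """Flawed pattern: the charge is whatever amount the browser submits."""
    return {"item": form["item"], "amount": Decimal(form["amount"])}


def build_order_hardened(form):
    """Price comes from CATALOG; a client-sent amount is only compared and flagged."""
    item = form.get("item")
    if item not in CATALOG:
        raise ValueError("unknown item")
    price = CATALOG[item]
    tampered = False
    if "amount" in form:
        try:
            tampered = Decimal(str(form["amount"])) != price
        except InvalidOperation:
            tampered = True  # a non-numeric amount is also worth logging
    return {"item": item, "amount": price, "tampered": tampered}


def payment_is_valid(order, paid_amount, paid_currency):
    """Fulfil only when the processor-reported payment matches the catalog price."""
    try:
        paid = Decimal(str(paid_amount))
    except InvalidOperation:
        return False
    return paid_currency == "USD" and paid == CATALOG[order["item"]]


if __name__ == "__main__":
    # Constructed request body with the amount field edited in transit.
    edited = {"item": "python-cert", "amount": "01"}
    print(build_order_vulnerable(edited))  # charge follows the edited field
    print(build_order_hardened(edited))    # catalog price, tampering flagged
    print(payment_is_valid(build_order_hardened(edited), "1.00", "USD"))
```

The `tampered` flag is meant to feed logging or alerting; the charge itself never depends on the submitted amount.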