Attacker can add two free bags offered by the site at the same time.
Medium
M
Mars
Submitted None
Team Summary
Official summary from Mars
A vulnerability was found on the website "███████" that allows an attacker to add two free bags offered by the site simultaneously, despite the restriction of choosing only one. This is achieved by manipulating the API responsible for adding the free bags to the cart.
Actions:
Reported by
mkhmd17
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Business Logic Errors