How I Bought a $400 Jacket for Free Using a Business Logic Flaw
A bug bounty write-up demonstrating a business logic flaw in an e-commerce platform where stacking two promotional coupons (a new customer discount and a newsletter signup coupon) resulted in a $0 cart total for a ~$1400 jacket. The application failed to validate cumulative discount amounts or restrict coupon combinations,
• 3m read time • From infosecwriteups.com
Table of contents
Target Overview
Initial Testing
Exploitation: Coupon Stacking Logic Flaw
Order Placement
Impact
Final Thoughts