Price Manipulation via Product ID Mismatch in Checkout API (IDOR)
Category: Business Logic Vulnerability / Broken Access Control (OWASP A01:2021)

Summary: During security testing of an e-commerce application, I discovered that the checkout/order API endpoint did not properly validate the relationship between product_id and the corresponding price/total fields sent
AiFeed24 Team · 1 min read · News
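
An added example, not code from the original write-up or the tested application: one way a checkout handler can close this class of bug is to price every line from a server-side catalog and treat any client-sent price or total only as a claim to verify. The catalog contents, the `items` and `quantity` field names, and all function names are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed catalog standing in for the server-side price table.
CATALOG = {"sku-100": Decimal("499.00"), "sku-200": Decimal("9.99")}


class OrderRejected(Exception):
    """Raised when a checkout payload fails server-side validation."""


def _check_claim(value, expected, field):
    # Client-sent amounts are only compared with server values, never used.
    try:
        ok = Decimal(str(value)) == expected
    except InvalidOperation:
        ok = False
    if not ok:
        raise OrderRejected(f"{field} does not match server-side value")


def price_order(payload):
    """Return the total computed from CATALOG; reject mismatched client amounts."""
    items = payload.get("items")
    if not isinstance(items, list) or not items:
        raise OrderRejected("order has no items")
    total = Decimal("0")
    for item in items:
        if not isinstance(item, dict):
            raise OrderRejected("malformed line item")
        pid, qty = item.get("product_id"), item.get("quantity")
        if not isinstance(pid, str) or pid not in CATALOG:
            raise OrderRejected("unknown product_id")
        # bool is a subclass of int, so exclude it explicitly.
        if isinstance(qty, bool) or not isinstance(qty, int) or qty < 1:
            raise OrderRejected("invalid quantity")
        if "price" in item:
            _check_claim(item["price"], CATALOG[pid], "price")
        total += CATALOG[pid] * qty
    if "total" in payload:
        _check_claim(payload["total"], total, "total")
    return total
```

Rejecting a mismatch, instead of silently overwriting it, gives the application a clear event to log and alert on.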
Tags:#cloud