Hello guys, I hope everyone is doing great! A little introduction about me: my name is Talat Mehmood and I’ve been an active bounty hunter, freelancer and penetration tester since 2017.
While working on a Penetration Testing Project (let’s say abc company), I came across their support portal. They were using osTicket 1.12.x. On digging further, I discovered that the “Print” module is vulnerable to Server Side Request Forgery (SSRF). I’ll try to keep this writeup as simple as possible.
Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to…
Hello guys, I’m writing this article to share with the community a vulnerability I found in PSEB’s IT Certification Program back on January 27th, 2020. I reported it to them but didn’t receive any serious response from them. Since the program has expired now, I’m publicly sharing the vulnerability.
If you have read my other articles, you’d know Parameter Tampering is one of my favorite attacks. It is very easy to exploit and does not require any special setup of tools. The simplest definition of this vulnerability is:
Parameter Tampering is a type of vulnerability found in mostly eCommerce websites…
Hello guys, I hope everyone is doing great!
A little introduction about me: my name is Talat Mehmood and I’ve been an active bounty hunter, freelancer and penetration tester since 2017.
A lot of people asked me to do a writeup about my first ever bug bounty. Today, I finally got the time to write about it. This vulnerability is actually pretty interesting, so here it goes.
“Summary: I was able to Bypass Phone Number Verification by Tampering Parameters during Sign Up!”
Alright, so I was testing the “Sign up” module of the web application (let’s just call it vulnme.com). …
Hello guys, I hope you all are doing good during this Pandemic. A little introduction about me: my name is Talat Mehmood and I’ve been an active bounty hunter, freelancer and penetration tester since 2017.
This is one of my favorite vulnerabilities that I’ve identified throughout my career in Information Security as a Penetration Tester, so I thought I should write an article about it to help the community.
“Price manipulation is a type of Parameter tampering vulnerability where an attack can change the price of a placed order. This vulnerability is common in eCommerce websites”
What made this vulnerability so special…
Ethical Hacker | Bug Bounty Hunter | Freelancer