Hidden Form Field

Hello

I found a price field that was made hidden in order to secure it. Can anyone tell me where (if at all) to find this on Bugcrowd’s taxonomy? I am trying to determine if it’s worth reporting.

What does this price field allow you to do?

I can use Burp Suite’s Repeater to change the price and then forward it.

Sure, but the question is, what happens when you send an altered price? How is this a vulnerability? Can you actually buy items for the price you set, or something similar?

It is extremely unlikely that the price field was “made hidden in order to secure it.”

I am pretty sure I can buy items at the price I set. I would think that I can also set the price to a negative number and receive credit.

Is there a way to scan for that hidden price field without having to check it manually if testing multiple pages?

Sorry it took me so long to reply Landmarkedweb. I am not sure what you mean.

Well, what is the site? Hidden form fields may require manual testing with Burp. Was just curious if there was a way to find other sites in a more automated way.

Under Burp Suite’s Options tab, in the Response Modification Section, I checked both Unhide hidden form fields and Prominently highlight unhidden fields. Then, I navigated to an order form on the site I was testing, and the hidden price field was displayed.

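Whether an editable hidden price field is a reportable issue depends on what the server does with the submitted value. As an added example that is not part of any post in this thread, the Python sketch below puts an order handler that trusts the field beside one that prices from its own catalogue and rejects mismatches. The function names, form keys (`sku`, `price`, `quantity`), quantity limit and catalogue are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed catalogue: the server's own price record (hypothetical SKUs).
CATALOG = {"sku-1001": Decimal("49.99"), "sku-2002": Decimal("5.00")}
MAX_QTY = 100  # assumed business limit


class OrderRejected(ValueError):
    """Raised when submitted form data fails server-side validation."""


def total_trusting_form(form):
    # Vulnerable pattern: charges whatever the hidden 'price' field says,
    # so a modified or negative value flows straight into the total.
    return Decimal(form["price"]) * int(form["quantity"])


def total_server_side(form):
    # Hardened pattern: the price always comes from the catalogue.
    sku = form.get("sku")
    if sku not in CATALOG:
        raise OrderRejected("unknown sku")
    try:
        qty = int(form.get("quantity", ""))
    except ValueError:
        raise OrderRejected("quantity is not an integer")
    if not 1 <= qty <= MAX_QTY:
        raise OrderRejected("quantity out of range")
    price = CATALOG[sku]
    # The submitted price is never used for charging; it is only compared
    # so that a mismatch can be rejected (and logged) as tampering.
    submitted = form.get("price")
    if submitted is not None:
        try:
            if Decimal(submitted) != price:
                raise OrderRejected("submitted price does not match catalogue")
        except InvalidOperation:
            raise OrderRejected("submitted price is not a number")
    return price * qty


if __name__ == "__main__":
    tampered = {"sku": "sku-1001", "price": "-49.99", "quantity": "1"}  # constructed
    print("trusting handler total:", total_trusting_form(tampered))
    try:
        total_server_side(tampered)
    except OrderRejected as exc:
        print("hardened handler rejected order:", exc)
```
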