Hello
I found a price field that was made hidden in order to secure it. Can anyone tell me where (if at all) to find this on Bugcrowd’s taxonomy? I am trying to determine if it’s worth reporting.
What does this price field allow you to do?
I can use Burp Suite’s Repeater to change the price and then forward it.
Sure, but the question is, what happens when you send an altered price? How is this a vulnerability? Can you actually buy items for the price you set, or something similar?
It is extremely unlikely that the price field was “made hidden in order to secure it.”
I am pretty sure I can buy items at the price I set. I would think that I can also set the price to a negative number and receive credit.
Is there a way to scan for that hidden price field without having to check it manually if testing multiple pages?
Sorry it took me so long to reply, Landmarkedweb. I am not sure what you mean.
Well, what is the site? Hidden form fields may require manual testing with Burp. Was just curious if there was a way to find other sites in a more automated way.
Under Burp Suite’s Options tab, in the Response Modification Section, I checked both Unhide hidden form fields and Prominently highlight unhidden fields. Then, I navigated to an order form on the site I was testing, and the hidden price field was displayed.
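For the question above about checking several pages without unhiding each form by hand, here is an added example (not code from any poster in this thread): a Python script that lists the hidden inputs in saved HTML from your own application's pages and flags price-like names. The name pattern and the sample form are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Assumed heuristic: field names that usually carry a money value.
PRICE_LIKE = re.compile(r"price|amount|total|cost|discount", re.I)

# Constructed sample order form, not taken from any real site.
SAMPLE = """
<form action="/order" method="post">
  <input type="text" name="qty" value="1">
  <input type="hidden" name="item_id" value="42">
  <input type="HIDDEN" name="unit_price" value="19.99" />
  <input type="hidden" name="csrf_token" value="constructed">
</form>
"""

class HiddenFieldAuditor(HTMLParser):
    """Collects every <input type="hidden"> with the action of its form."""

    def __init__(self):
        super().__init__()
        self.form_action = None
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # the parser lowercases attribute names
        if tag == "form":
            self.form_action = a.get("action", "")
        elif tag == "input" and (a.get("type") or "").lower() == "hidden":
            name = a.get("name") or ""
            self.findings.append({
                "form": self.form_action,
                "name": name,
                "value": a.get("value"),
                "price_like": bool(PRICE_LIKE.search(name)),
            })

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None

def audit(html):
    """Return all hidden inputs found in one HTML document."""
    parser = HiddenFieldAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

def price_fields(html):
    """Return the names of hidden inputs whose name looks like a price."""
    return [f["name"] for f in audit(html) if f["price_like"]]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A flagged field is only a lead for review: whether it matters depends on whether the server recomputes the price from its own catalog instead of trusting the submitted value.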