This lab contains a logic flaw in the shopping cart workflow. The flaw allows you to submit a negative quantity for an item, which reduces the total price instead of increasing it.
By exploiting this, we can lower the total cost of our cart so that it falls within our store credit balance and buy expensive items for free.
Purchase the "Lightweight l33t leather jacket" ($1337) using the $100 store credit in our account.
Credentials:
username : wiener
password : peter
Open the jacket’s product page → View details → Add to cart.
Press the “+” button to increase quantity while Intercept is ON in Burp Suite.
In the intercepted POST /cart request, change:
quantity=2
to:
quantity=-2
The total price is reflected as -2674.
This confirms that the backend logic calculates total price as:
Total price = quantity × price per unit
“Cart total price cannot be less than zero.”
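The server-side check that the quantity × price calculation above lacks, shown next to the trusting version. This is an added example, not code from the lab or from the original write-up. The function names, the `MAX_QTY` limit and the second catalogue item are assumptions made for illustration.

```python
from decimal import Decimal

# Constructed catalogue: the jacket price is from the write-up, the second item is invented.
PRICES = {"jacket": Decimal("1337.00"), "sample-item": Decimal("10.00")}
MAX_QTY = 99  # assumed per-line limit


class CartError(ValueError):
    """Raised when a cart request violates a business rule."""


def cart_total(cart):
    # Total price = quantity x price per unit, summed over every line.
    return sum((PRICES[item] * qty for item, qty in cart.items()), Decimal("0"))


def add_vulnerable(cart, item, quantity):
    # Behaviour observed in the write-up: the submitted integer is trusted as-is.
    cart[item] = cart.get(item, 0) + int(quantity)
    return cart


def add_hardened(cart, item, quantity):
    if item not in PRICES:
        raise CartError("unknown product")
    try:
        delta = int(quantity)
    except (TypeError, ValueError):
        raise CartError("quantity must be an integer") from None
    # A negative delta is legitimate (the "-" button); the invariant is on the
    # resulting line quantity, which must stay within 0..MAX_QTY.
    new_qty = cart.get(item, 0) + delta
    if not 0 <= new_qty <= MAX_QTY:
        raise CartError("quantity out of range")
    if new_qty == 0:
        cart.pop(item, None)
    else:
        cart[item] = new_qty
    return cart


def checkout(cart, credit):
    # Re-validate every line at payment time instead of checking only the total.
    if not cart or any(not 1 <= qty <= MAX_QTY for qty in cart.values()):
        raise CartError("invalid cart")
    total = cart_total(cart)
    if total > credit:
        raise CartError("insufficient store credit")
    return credit - total
```

Enforcing the rule on the resulting line quantity, rather than rejecting every negative input, keeps the decrement button working while closing the flaw.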