While testing an e-commerce application you notice that the shopping cart POST request carries a hidden price field that the server uses to calculate the final charge. You change price=1.00 in Burp and still complete the purchase for one dollar. Which application logic flaw has been exploited in this scenario?
SQL injection against the products table that overwrites prices
The tester exploited a business-logic error in which the server trusts a client-supplied value that directly influences the cost of the order. Because the application does not recalculate or validate the price on the server side, simple parameter tampering allows the attacker to lower the total. No timing issue is involved (so TOCTOU is incorrect), the request does not modify backend SQL statements (ruling out SQL injection), and no script is injected into the page (so XSS is not applicable).
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is parameter tampering in web security?
Open an interactive chat with Bash
How does server-side validation prevent parameter tampering?
Open an interactive chat with Bash
What is the difference between server-side and client-side validation?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Web Application Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .