Discount Code Bypass
TaintedPort
Vuln ID: TP-021
Title: Discount Code Bypass
Severity: high
Type: Business Logic
HTTP Method: POST
URL: /orders
Parameter: discount_percent (with discount_code)
Filename: -
Code Location: backend/api/controllers/OrderController.php lines 32-36
Description: The checkout handler reads discount_code and discount_percent from the POST body. Any non-empty discount_code is treated as valid without being looked up, and discount_percent is applied to the order total exactly as supplied, with no bounds check. The client therefore controls the final price.
Proof of Concept: POST /orders with the normal order fields plus {"discount_code": "anything", "discount_percent": 100}. The code value is arbitrary because it is never checked; the 100 percent discount yields a free order.
Remediation: Accept only discount_code from the client and look it up in a server-side table, checking that the code exists, has not expired and still has uses remaining. Take the percentage from that record and recompute the total from server-side prices. Never accept discount_percent, or any price or total, from the client; reject requests that supply it rather than silently ignoring it, so tampering is visible in logs.