share your technology and add some temperature for safety

Posted by lipsius at 2020-03-03

In this post we reproduce a payment logic flaw. The website only allows the quantity to be modified, not the amount, so we use another method to test reducing the amount.

0x01 Open the website and find one of its more expensive watches, priced at 5800 yuan. The website seems to be OK and looks completely normal.

I captured the request when clicking "buy now". I found that the quantity can be modified but the amount cannot, so I tested changing the quantity to a negative number.

Going on to the next step, the payment confirmation page is reached and RMB 0.00 is displayed.

I released the request and tried to pay for this order, but at the last step of payment confirmation the payment interface connected to the website could not pay for it. It reported that the WeChat link was abnormal and said to contact customer service, which may be because a negative amount cannot be paid through the payment interface.

0x02 Because the amount cannot be modified, trying to change it is useless. Only the quantity can be modified, so I tested it this way: I found two items with the same price on the website, changed the quantity of the more expensive item to a negative number, and kept the slightly cheaper item as a positive number. Then I tried to see whether this method was useful.

I wanted to buy a 48 yuan strawberry jerky, so I found several items priced 0.1 yuan below 48 yuan and added them to the shopping cart to modify.

My dried strawberries are 48 yuan. The four items I found are 47.9 yuan, a dime cheaper than the dried strawberries, so the order generates a positive payment amount.

An amount of 0.1 was generated, but the checkout step does not support checking out negative items. Here I chose to capture the request and modify it once more, although that is more trouble.

If a negative item cannot be paid for on its own, it can be combined with a positive-quantity item and paid for together by modifying the captured payment request. After changing the quantity to a negative number, the flow still goes through. There are 6 yuan more to pay, the freight, which could not be removed from the calculation. Regardless of that, the point is to test whether the payment interface accepts the order.

Successfully become 6.1 million

Then I tested whether I could modify the amount to make the freight free. The modification did not work: after the modification, the price was the same. After calculation, it was 6 yuan!
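The root cause described above is a server that totals client-supplied quantities without checking their sign. The following is an added example, not code from the site or the original post: it puts the flawed total next to a server-side check that rejects such orders. The catalogue, SKU names, `MAX_QTY` limit and function names are assumptions constructed from the prices mentioned in the post.

```python
from decimal import Decimal

# Constructed server-side catalogue (yuan), using the prices mentioned in the post.
PRICES = {"dried-strawberry": Decimal("48.00"), "other-item": Decimal("47.90")}
FREIGHT = Decimal("6.00")
MAX_QTY = 99  # assumed per-line upper bound


class OrderRejected(ValueError):
    """Raised when an order line fails server-side validation."""


def naive_total(lines):
    """Flawed: trusts the quantity from the request, so a negative
    line offsets a positive one and shrinks the amount to pay."""
    return sum(PRICES[sku] * qty for sku, qty in lines) + FREIGHT


def checked_total(lines):
    """Hardened: validate every line before pricing, then price from
    the server-side catalogue only."""
    if not lines:
        raise OrderRejected("empty order")
    total = Decimal("0")
    for sku, qty in lines:
        if sku not in PRICES:
            raise OrderRejected(f"unknown item: {sku!r}")
        # bool is a subclass of int, so exclude it explicitly.
        if isinstance(qty, bool) or not isinstance(qty, int):
            raise OrderRejected(f"quantity must be an integer: {qty!r}")
        if not 1 <= qty <= MAX_QTY:
            raise OrderRejected(f"quantity out of range: {qty}")
        total += PRICES[sku] * qty
    return total + FREIGHT


if __name__ == "__main__":
    tampered = [("dried-strawberry", 1), ("other-item", -1)]  # constructed request
    print("naive total:", naive_total(tampered))
    try:
        checked_total(tampered)
    except OrderRejected as exc:
        print("rejected:", exc)
```

The check belongs at every endpoint that accepts a quantity (cart update, checkout and payment confirmation), since the post shows the checkout page refusing negative items while the modified request was still processed.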