edu Business Solutions Print Shop Pro WebDesk Negative Quantity Purchase Vulnerability

Vulnerability

A business logic vulnerability has been identified in edu Business Solutions Print Shop Pro WebDesk version 18.34. The issue arises in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint, where remote attackers can create financial discrepancies by purchasing items with a negative quantity. This vulnerability is facilitated by a reliance on client-side input validation, which can be easily bypassed.

Impact

Exploitation of this vulnerability allows for the creation of financial discrepancies by manipulating product quantities, potentially leading to unauthorized discounts or altered transaction values.

Reproduction

To reproduce this vulnerability, first authenticate into Print Shop Pro WebDesk and navigate to the 'New Order' > 'Store Orders' section. Select an item and add it to the cart. Initially, client-side validation will prevent the addition of a negative quantity. However, this can be bypassed using a web proxy tool like Burp Suite. Intercept the request to the 'GetUnitPrice' endpoint and modify the 'txtQty' parameter to a negative value, such as -99. Forward the request and then click 'View Cart' to see the negative quantity reflected, despite the application displaying an error message. To complete the order, repeat the process by setting a negative quantity and bypassing the 'View Cart' step, directly finalizing the purchase instead.

Remediation

It is recommended to implement strong server-side validation to ensure that product quantities and other input parameters adhere to the intended business logic, preventing manipulation. Additionally, integrity checks should be enforced on transaction data to verify that total quantities align with expected values before processing orders.
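The server-side checks recommended above, sketched as an added example; this is not the vendor's code. The catalogue contents, function names and the OrderRejected exception are hypothetical, and only the txtQty parameter name comes from the advisory. Each order line is re-validated at checkout as well as at pricing, so a request that skips the cart view is still rejected.

```python
from decimal import Decimal
import re

# Hypothetical server-side catalogue: item id -> (unit price, max quantity per order).
CATALOGUE = {
    "BIZCARD-500": (Decimal("24.50"), 100),
    "POSTER-A2": (Decimal("12.00"), 50),
}
_QTY_RE = re.compile(r"[0-9]{1,6}")  # ASCII digits only: no sign, decimal point or exponent


class OrderRejected(ValueError):
    """Raised when a request violates the store's business rules."""


def parse_quantity(raw, max_qty):
    """Validate the raw txtQty string on the server, independent of any client check."""
    if not isinstance(raw, str) or not _QTY_RE.fullmatch(raw):
        raise OrderRejected(f"quantity must be a positive whole number: {raw!r}")
    qty = int(raw)
    if not 1 <= qty <= max_qty:
        raise OrderRejected(f"quantity {qty} outside allowed range 1..{max_qty}")
    return qty


def get_unit_price(item_id, txt_qty):
    """Pricing step: reject bad input before it can reach the cart."""
    if item_id not in CATALOGUE:
        raise OrderRejected(f"unknown item: {item_id!r}")
    price, max_qty = CATALOGUE[item_id]
    return price, parse_quantity(txt_qty, max_qty)


def finalize_order(cart_lines):
    """Checkout step: cart_lines is a list of (item_id, raw_quantity) pairs."""
    # Every line is validated again here and the totals are recomputed from
    # server-side prices, so nothing computed or checked by the client is trusted.
    if not cart_lines:
        raise OrderRejected("empty order")
    total_units, total = 0, Decimal("0")
    for item_id, raw_qty in cart_lines:
        price, qty = get_unit_price(item_id, raw_qty)
        total_units += qty
        total += price * qty
    if total <= 0:  # integrity check: an order can never credit the buyer
        raise OrderRejected("order total must be positive")
    return total_units, total
```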

Added: Jan 8, 2026, 5:27 PM
Updated: Jan 8, 2026, 6:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 1.9
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.