I have an ecom website, where we sell sports goods. For the past month I have noticed suspicious activity on my site. Some guy registers on my site with some junk details, then he logs in and does a cash on delivery (COD) transaction, then he just logs off. But the problem here is that he buys a product worth 1000+ for just 90 Rs/200 Rs. I am quite sure he is playing around with my data.
For Example:
For our convenience let the guy be SAM.
So SAM registers on the site and logs in. Then he browses to the product page. Product details are:
Product name: ADIDAS MASTER CRICKET BAT
Product price: 11,000 Rs
Then he adds this product to the cart, fills in his shipping details, proceeds to the order process page and selects cash on delivery (COD) as the payment type. Next he lands on the order success page, where he gets a summary of his transaction. By this time the order is ready to be processed and shipped. But when we check our db for the order details we find the order amount is 99 Rs/ 200 Rs. I am not sure where and how he is playing around with the data. We are using sessions to store all the transaction details. Our website is developed on ASP.NET 3.0v.
Please help in finding out how and where he is trying to tamper with the data.
Thank you for your help, but I still need some more help.
Thank you all for your help, I found the glitch on my website. We were using hidden fields in the cart page, which helped the hacker to tamper with our data. But now I wish to replace the hidden fields with something secure. Can somebody please help me with this?
FYI, my website is built on ASP.NET 3.0V.
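
One way to replace price-carrying hidden fields, shown as an added example that is not part of the original post: the form carries only a product id and quantity, and the server recomputes the total from its own catalog while flagging any posted price that disagrees. The names `CartLine`, `OrderPricing` and `Catalog`, the product id 101 and the quantity limit of 100 are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical types for illustration; not taken from the site in question.
public class CartLine
{
    public int ProductId;
    public int Quantity;
    public decimal PostedUnitPrice; // value from the hidden field: untrusted
}

public static class OrderPricing
{
    // Constructed sample catalog; on a real site this is a database lookup.
    static readonly Dictionary<int, decimal> Catalog = new Dictionary<int, decimal>
    {
        { 101, 11000m }, // ADIDAS MASTER CRICKET BAT
    };

    // Returns the total computed from server-side prices only.
    // tampered is set when any posted price disagrees with the catalog.
    public static decimal ComputeTotal(IEnumerable<CartLine> lines, out bool tampered)
    {
        decimal total = 0m;
        tampered = false;
        foreach (CartLine line in lines)
        {
            decimal unitPrice;
            if (!Catalog.TryGetValue(line.ProductId, out unitPrice))
                throw new ArgumentException("Unknown product id " + line.ProductId);
            if (line.Quantity < 1 || line.Quantity > 100) // assumed limit
                throw new ArgumentException("Quantity out of range");
            if (line.PostedUnitPrice != unitPrice)
                tampered = true; // log and review; never use the posted value
            total += unitPrice * line.Quantity;
        }
        return total;
    }

    public static void Main()
    {
        // Constructed request: the form posted 99 for the 11,000 Rs product.
        var lines = new List<CartLine> {
            new CartLine { ProductId = 101, Quantity = 1, PostedUnitPrice = 99m }
        };
        bool tampered;
        decimal total = ComputeTotal(lines, out tampered);
        Console.WriteLine("Total: {0} Rs, tampered: {1}", total, tampered);
    }
}
```

The amount written to the order table should be the value returned by `ComputeTotal`, and a set `tampered` flag is a useful signal to log against the account before a COD order is shipped.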