How I found the parameter tampering vulnerability

Bug hunter balu

Hi everyone, I am back with another writeup.

This is a price manipulation vulnerability, but they closed it as informative.

They told me that the payment gateway is managed by third-party sources.

But they patched the vulnerability. I don’t know what happened.

In the bug bounty field it's quite common. It's OK, all is well.

Coming to our topic, it's a private program on HackerOne.

It's limited scope; only the main domains are in scope. Let's consider the domain name to be “storeskills.example.com”.

It's an online store for clothes. I added some clothes to my cart.

I intercepted the request with Burp Suite. I tried changing the quantity (changing the number to a float like 0.5 or 0.1), but here the price was encrypted with hashing, so it was not possible to change.

Nothing worked. Next I clicked “Proceed to payment”.

Again I captured the request with Burp Suite. Nothing worked.

Observe the above page: the shipping method section has two shipping options. When I open the page, the default is free shipping.
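
The two server-side checks the post describes running into (fractional quantities rejected, price bound to a hash) look roughly like this. This is an added example, not code from the original post or from the store; the HMAC scheme, field names, key and quantity limit are all assumptions made for illustration.

```python
import hashlib
import hmac
from decimal import Decimal

# Assumption: the store signs each price with a key that never leaves the server.
SERVER_KEY = b"constructed-demo-key"  # constructed value, not a real secret


def sign_price(item_id: str, price: str) -> str:
    """Keyed hash that binds a price to one item; issued when the cart is built."""
    msg = f"{item_id}|{price}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def validate_cart_line(line: dict) -> Decimal:
    """Return the line total, or raise ValueError if a client field was altered."""
    qty = line.get("quantity")
    # Reject floats such as 0.5, strings, and bools (bool is a subclass of int).
    if isinstance(qty, bool) or not isinstance(qty, int) or not 1 <= qty <= 100:
        raise ValueError("quantity must be a whole number between 1 and 100")

    item_id = str(line.get("item_id", ""))
    price = str(line.get("price", ""))
    expected = sign_price(item_id, price)
    supplied = str(line.get("price_sig", ""))
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        raise ValueError("price does not match its signature")

    # Only after the signature verifies is the price trusted for arithmetic.
    return Decimal(price) * qty


if __name__ == "__main__":
    # Constructed cart line, as the server would have issued it.
    good = {"item_id": "shirt-1", "price": "19.99", "quantity": 2,
            "price_sig": sign_price("shirt-1", "19.99")}
    print(validate_cart_line(good))
    for tampered in ({**good, "quantity": 0.5}, {**good, "price": "0.01"}):
        try:
            validate_cart_line(tampered)
        except ValueError as err:
            print("rejected:", err)
```

Every other client-supplied field that feeds the order total needs the same treatment, either covered by the signature or recomputed on the server.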
