Review Feature Testing
- Check whether you can post a review flagged as a verified purchase without having bought the item, for example by adding the verified-purchase flag or an order reference to the request yourself.
- Submit a rating outside the accepted scale, for instance 0, 6, a negative number or a non-integer on a 1 to 5 system, and check both whether it is stored and whether it skews the product's aggregate score.
- Test whether the same user can post multiple ratings for a single product, both one after another and by sending the requests concurrently; a duplicate that only appears under concurrent submission points to a race condition in the uniqueness check.
- If the review form accepts attachments (images, video), check whether the upload accepts arbitrary extensions and content types; developers often overlook protections on these secondary upload endpoints.
- Investigate whether you can post a review as another user, for example by changing the user identifier in the request body.
- Attempt Cross-Site Request Forgery (CSRF) on this feature, as it is frequently unprotected by tokens; check both for a missing anti-CSRF token and for a token that is present but not validated server-side.
Discount Code Feature Testing
- Try to apply the same discount code to one order more than once, or to several orders, to assess whether it is reusable.
- If the discount code is single-use, evaluate for race conditions by redeeming the same code from two accounts (or two sessions) at the same time; the validity check and the mark-as-used step may not be atomic.
- Test for Mass Assignment or HTTP Parameter Pollution to see whether you can apply multiple discount codes when the application is designed to accept only one, for example by sending the code parameter twice (`code=A&code=B`) or as an array in a JSON body.
- Test for vulnerabilities arising from missing input sanitization on this feature, such as XSS and SQL injection via the discount code field.
- Attempt to apply discount codes to items that are not eligible for them by manipulating the request, for example by swapping the product identifier after the code has been validated or by submitting the code directly to the checkout endpoint.
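The concurrent-redemption checks above (the duplicate-rating race in the review section and the single-use code race here) both come down to a check-then-act window on the server. The following is an added example, not code from the original page: a small concurrency harness that fires one redemption per account at the same time, run against an in-process toy backend so it executes offline. The account names, the code `SAVE20` and the two store classes are constructed for the demonstration; against a real target you would replace the `store.redeem()` call inside `race_redeem()` with an HTTP request and keep the harness as it is. The `threading.Barrier` is a test aid that widens the race window so the vulnerable outcome is reproducible rather than timing-dependent.

```python
"""Concurrent redemption test for a single-use discount code.

Added example, not code from the original page. It runs against an
in-process toy backend so it can be executed offline; against a real
target you would replace the store's redeem() call in race_redeem()
with an HTTP request and keep the concurrency harness as it is.
"""
import threading
from concurrent.futures import ThreadPoolExecutor

# Constructed test accounts (assumption): one redemption attempt per account.
ACCOUNTS = ["acct-%d" % i for i in range(8)]


class VulnerableCodeStore:
    """Check, then mark used, with no atomicity between the two steps.

    The optional barrier is a test aid: it holds every worker after its
    check until all of them have passed it, which widens the race window
    so the outcome is reproducible instead of timing-dependent.
    """

    def __init__(self, codes, barrier=None):
        self._used = {code: False for code in codes}
        self._barrier = barrier

    def redeem(self, code, account):
        if self._used.get(code, True):      # unknown or already used
            return False
        if self._barrier is not None:
            self._barrier.wait()            # every worker has passed the check by now
        self._used[code] = True             # too late: all of them reach this line
        return True


class HardenedCodeStore:
    """Check and mark used as one atomic step under a lock.

    In a real backend the same effect comes from an atomic database
    update, e.g. UPDATE ... SET used = 1 WHERE code = ? AND used = 0,
    and treating an affected-row count of 0 as "already redeemed".
    """

    def __init__(self, codes):
        self._unused = set(codes)
        self._lock = threading.Lock()

    def redeem(self, code, account):
        with self._lock:
            if code not in self._unused:
                return False
            self._unused.remove(code)
            return True


def race_redeem(store, code, accounts):
    """Fire one redemption per account concurrently; return the accounts that succeeded."""
    with ThreadPoolExecutor(max_workers=len(accounts)) as pool:
        outcomes = list(pool.map(lambda acct: (acct, store.redeem(code, acct)), accounts))
    return [acct for acct, ok in outcomes if ok]


def demo_vulnerable():
    barrier = threading.Barrier(len(ACCOUNTS))
    store = VulnerableCodeStore(["SAVE20"], barrier=barrier)
    return race_redeem(store, "SAVE20", ACCOUNTS)   # every account succeeds


def demo_hardened():
    store = HardenedCodeStore(["SAVE20"])
    return race_redeem(store, "SAVE20", ACCOUNTS)   # exactly one account succeeds


if __name__ == "__main__":
    print("vulnerable:", len(demo_vulnerable()), "redemptions of one single-use code")
    print("hardened:  ", len(demo_hardened()), "redemption of one single-use code")
```

When testing a real endpoint, the equivalent of the barrier is sending the requests so that they arrive inside the same window (a parallel send from your proxy, or holding back the last bytes of each request and releasing them together); the finding is confirmed when more than one account ends up with the discount applied.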
Delivery Fee Manipulation
- Experiment with negative values for the delivery charge to see whether the final amount decreases.
- Evaluate whether free delivery can be activated by modifying parameters, for example a delivery method or fee value that the server takes from the client instead of looking it up itself.
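The discount-code and delivery-fee checks above all target the same weakness: a checkout handler that takes prices, fees or code lists from the request instead of recomputing them. The following is an added example, not code from the original page, showing a vulnerable handler beside a hardened one over the same query strings. The catalogue, discount table and delivery table are constructed fixtures (assumption), as are the SKU names, the codes `WELCOME10` and `SAVE5`, and the parameter names `sku`, `code`, `delivery_fee` and `delivery_method`. It uses `urllib.parse.parse_qs`, which returns every repeated parameter as a list, to show how `code=A&code=B` reaches a handler that was written to expect one code.

```python
"""Checkout total: a handler that trusts the request beside one that recomputes.

Added example, not code from the original page. The catalogue, discount
and delivery tables are constructed fixtures (assumption), and the query
strings model the form post a checkout endpoint might receive.
"""
from decimal import Decimal
from urllib.parse import parse_qs

# Constructed server-side fixtures (assumption).
CATALOGUE = {"sku-100": Decimal("40.00"), "sku-200": Decimal("25.00")}
# code -> (percent off, SKUs the code is valid for); sku-200 is never discounted
DISCOUNTS = {"WELCOME10": (10, {"sku-100"}), "SAVE5": (5, {"sku-100"})}
DELIVERY = {"standard": Decimal("4.99"), "express": Decimal("9.99")}


class InvalidOrder(ValueError):
    """Raised by the hardened handler when the request is rejected."""


def vulnerable_total(query):
    """Honours every repeated 'code' parameter and adds the client's own delivery fee."""
    params = parse_qs(query)               # repeated keys come back as lists
    total = sum((CATALOGUE[s] for s in params.get("sku", [])), Decimal("0"))
    for code in params.get("code", []):    # HPP: 'code=A&code=B' applies both
        pct, _eligible = DISCOUNTS.get(code, (0, set()))
        total -= total * pct / 100         # eligibility is never checked
    fee = Decimal(params.get("delivery_fee", ["0"])[0])  # client-controlled; may be negative
    return total + fee


def hardened_total(query):
    """Recomputes everything server-side; the client only names items, one code and a method."""
    params = parse_qs(query)
    skus = params.get("sku", [])
    if not skus or any(s not in CATALOGUE for s in skus):
        raise InvalidOrder("unknown or missing sku")
    subtotal = sum((CATALOGUE[s] for s in skus), Decimal("0"))

    codes = params.get("code", [])
    if len(codes) > 1:                     # reject parameter pollution / code arrays outright
        raise InvalidOrder("only one discount code may be applied")
    discount = Decimal("0")
    if codes:
        if codes[0] not in DISCOUNTS:
            raise InvalidOrder("unknown discount code")
        pct, eligible = DISCOUNTS[codes[0]]
        # the code only ever reduces the price of the SKUs it is valid for
        discount = sum((CATALOGUE[s] for s in skus if s in eligible), Decimal("0")) * pct / 100

    if "delivery_fee" in params:           # the fee is never a client parameter
        raise InvalidOrder("delivery fee is not accepted from the client")
    method = params.get("delivery_method", ["standard"])[0]
    if method not in DELIVERY:
        raise InvalidOrder("unknown delivery method")

    total = subtotal - discount + DELIVERY[method]
    if total < 0:                          # a negative total is never a valid order
        raise InvalidOrder("negative total")
    return total.quantize(Decimal("0.01"))


if __name__ == "__main__":
    attack = "sku=sku-100&sku=sku-200&code=WELCOME10&code=SAVE5&delivery_fee=-50"
    print("vulnerable total:", vulnerable_total(attack))
    try:
        hardened_total(attack)
    except InvalidOrder as err:
        print("hardened rejected:", err)
    legit = "sku=sku-100&sku=sku-200&code=WELCOME10&delivery_method=standard"
    print("hardened total:", hardened_total(legit))
```

The constructed attack query stacks two codes on an item that should not be discounted at all and then subtracts 50 through the delivery fee, so the vulnerable handler charges a few units for a 65.00 basket; the hardened handler refuses the second code, refuses any client-supplied fee, and prices the legitimate order from its own tables.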
Currency Arbitrage