
Exploiting Business Logic Vulnerability

Gupta Bless
4 min read, Nov 15, 2020


With a real-world example:

Business Logic Vulnerabilities:

Business logic vulnerabilities need manual testing: no automated scanner reliably detects them, they vary from application to application, and they can be very damaging. The tester has to understand the application's logic, its functionality, how it is implemented, and the business requirements behind it. Whenever we intercept a request, we manipulate specific parameters (price, quantity, step identifiers, and so on) and observe whether the server still enforces the intended rules.

Some common examples of business logic vulnerabilities:

· Manipulating the product price in the request so that the product can be purchased for less during online shopping.

· Manipulating user-supplied input (an excessive quantity or a negative quantity) that is not validated on the server side.

· Manipulating the intended flow of a multi-step process, for example skipping or reordering the 2FA step during login.

These are application-specific vulnerabilities that arise from a gap in the application's defenses: every developer implements the logic with a different mindset, so the assumptions the code relies on are not always enforced on the server.

In online shopping, for example, a user adds a single unit of an expensive product and a negative quantity of some other product, which brings the cart total down to a dollar or two, so they can buy the expensive item for almost nothing.
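The following is an added example, not code from the original post: a checkout total computed the vulnerable way (the server multiplies whatever price and quantity the client sent) beside a hardened version that ignores the client-supplied price, looks it up server-side, and rejects non-integer, zero, negative or oversized quantities. It covers both the price-manipulation and the quantity-manipulation cases from the list above. The catalogue, SKUs, prices, the per-line quantity limit and the request bodies are all constructed for the demo.

```python
# Added example (not from the original post). Prices are kept in integer
# cents so the arithmetic is exact; catalogue contents and limits are assumptions.

# Server-side catalogue: the only place a price should come from.
CATALOGUE = {
    "laptop": 120000,   # $1200.00
    "sticker": 100,     # $1.00
}
MAX_QTY_PER_LINE = 10   # assumed business rule for a single cart line


def insecure_cart_total(items):
    """Vulnerable: trusts both the price and the quantity sent by the client."""
    return sum(item["price"] * item["qty"] for item in items)


class CartError(ValueError):
    """Raised when a cart line fails server-side validation."""


def secure_cart_total(items):
    """Hardened: re-derives the price from CATALOGUE and validates quantity."""
    if not items:
        raise CartError("empty cart")
    total = 0
    for item in items:
        sku = item.get("sku")
        if sku not in CATALOGUE:
            raise CartError(f"unknown sku: {sku!r}")
        qty = item.get("qty")
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(qty, bool) or not isinstance(qty, int):
            raise CartError(f"quantity must be an integer for {sku}: {qty!r}")
        if not 1 <= qty <= MAX_QTY_PER_LINE:
            raise CartError(f"quantity out of range for {sku}: {qty}")
        # The client-supplied "price" field is deliberately never read.
        total += CATALOGUE[sku] * qty
    return total


def checkout(items):
    """HTTP-style wrapper: 200 with the server-computed total, or 400 with the reason."""
    try:
        return {"status": 200, "total_cents": secure_cart_total(items)}
    except CartError as exc:
        return {"status": 400, "error": str(exc)}


# Constructed request bodies, as an attacker would submit them after editing
# the intercepted checkout request in a proxy.
NEGATIVE_QTY_REQUEST = [
    {"sku": "laptop", "price": 120000, "qty": 1},
    {"sku": "sticker", "price": 100, "qty": -1198},   # -$1198.00 offsets the laptop
]
PRICE_TAMPERED_REQUEST = [
    {"sku": "laptop", "price": 100, "qty": 1},        # laptop "priced" at $1.00
]
OVERSIZED_QTY_REQUEST = [
    {"sku": "sticker", "price": 100, "qty": 10**9},
]
HONEST_REQUEST = [
    {"sku": "laptop", "price": 120000, "qty": 1},
    {"sku": "sticker", "price": 100, "qty": 2},
]

if __name__ == "__main__":
    cases = [
        ("negative qty", NEGATIVE_QTY_REQUEST),
        ("price tampered", PRICE_TAMPERED_REQUEST),
        ("oversized qty", OVERSIZED_QTY_REQUEST),
        ("honest", HONEST_REQUEST),
    ]
    for name, req in cases:
        print(f"{name:15} insecure={insecure_cart_total(req):>12}  hardened={checkout(req)}")
```

Running the script shows the two outcomes side by side: the insecure total for the negative-quantity cart is 200 cents (the "2 bucks" from the paragraph above) and for the price-tampered cart is 100 cents, while the hardened path rejects both and only accepts the honest cart at 120200 cents. The important design point is that the server never reads the client's price at all, rather than trying to check it.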

Business logic:
