mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 11:35:51 +00:00
Restructure repository: Remove OWASP categorization, organize by vulnerability type
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
@@ -0,0 +1,27 @@
# Business Logic Vulnerabilities
## Description
Business logic vulnerabilities are flaws in the design and implementation of an application that allow an attacker to elicit unintended behavior. These vulnerabilities occur when the application's legitimate processing flow can be used in a way that results in a negative consequence to the organization.
## Common Issues
- Insufficient workflow validation
- Price manipulation
- Quantity manipulation
- Race conditions
- Bypassing business rules
- Abuse of functionality
- Lack of rate limiting
## Common Attack Vectors
- Payment processing
- Discount/coupon systems
- Account creation/management
- Transaction processing
- File upload limits
- Resource allocation
## Testing Approach
Understand the application's business logic and test for ways to manipulate or bypass intended workflows and rules.
## Payloads
See `business-logic-payloads.txt` for a comprehensive list of business logic testing scenarios and payloads.
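Review bot: the "Testing Approach" section is a single sentence ("Understand the application's business logic and test for ways to manipulate or bypass intended workflows and rules.") and gives the reader no concrete verification step for any of the items listed under "Common Issues"; suggest pairing each issue with the check a tester runs and the control a defender expects, for example "Price manipulation / Quantity manipulation: confirm the server recomputes totals from catalog prices and rejects zero or negative quantities rather than trusting values in the request" and "Race conditions: confirm single-use actions such as coupon redemption or balance withdrawal are guarded by a database transaction or lock so concurrent requests cannot redeem twice". Separately, the "Payloads" section points at `business-logic-payloads.txt`, but that file is not part of this hunk; confirm it is added in the same commit (or adjust the path), otherwise the reference dangles in a restructure that moved files by vulnerability type.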