mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 11:35:51 +00:00

Files

T

copilot-swe-agent[bot] ba72efbc5e Restructure repository: Remove OWASP categorization, organize by vulnerability type

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>

2026-01-04 19:01:04 +00:00

business-logic-payloads.txt

Restructure repository: Remove OWASP categorization, organize by vulnerability type

2026-01-04 19:01:04 +00:00

README.md

Restructure repository: Remove OWASP categorization, organize by vulnerability type

2026-01-04 19:01:04 +00:00

README.md

Business Logic Vulnerabilities

Description

Business logic vulnerabilities are flaws in the design and implementation of an application that allow an attacker to elicit unintended behavior. These vulnerabilities occur when the application's legitimate processing flow can be used in a way that results in a negative consequence to the organization.

Common Issues

Insufficient workflow validation
Price manipulation
Quantity manipulation
Race conditions
Bypassing business rules
Abuse of functionality
Lack of rate limiting

Common Attack Vectors

Payment processing
Discount/coupon systems
Account creation/management
Transaction processing
File upload limits
Resource allocation

Testing Approach

Understand the application's business logic and test for ways to manipulate or bypass intended workflows and rules.

Payloads

See business-logic-payloads.txt for a comprehensive list of business logic testing scenarios and payloads.