By | November 12, 2020

In this article, we are telling you about business logic flaw vulnerability like what it is, how we can find business logic flaw vulnerability in a website, everything will be told to you here.

You may have never heard of the name of business logic flaw vulnerability before because it is not talked about much, but if you get this vulnerability in a website, then you can get a good bug bounty.

Because business logic flaw vulnerability can cause so much damage to a website, as you read this article, you will understand everything, it is being told to you for educational purpose.

Note- This article is only for educational purpose. Don’t miss use your knowledge and skills.

Also Read

Local file inclusion vulnerability

what is insecure direct object reference idor

Business logic Flaw

If we try to understand Business logic Flaw Vulnerability in easy language, in such a way, we can do it that it becomes a bug if there is no limit of login attempt in any website.

For example, if you have been given an option to login to our website, in that case you fill the wrong password any time you want, in such a case if our website does not check how many times the user is filling the wrong password.

In such a way, you can say that this is business logic Flaw Vulnerability like in websites like facebook if we fill the wrong password, after trying some passwords in such a way, it temporarily blocks our account.

https://portswigger.net/web-security/logic-flaws

logic Flaw

As you can see in the image but it is not that you always get such bugs in such easy manner Business logic Flaw Vulnerability is very different, you also get its labs.

We are telling you how to solve some labs, everything is told to you in advance, how you can solve which labs as we have told you in an earlier article, on Postswigger you can solve labs by solving your can improve skills.

Working of Business logic Flaw Vulnerability ?

Before doing all this, you have to run the burp suite, how it is done, everyone knows how we use the burp suite to bring the websites we have visited, here you have also been told.

How to use Burpsuite ?

Here we are telling you an example of Business Logic Flaw Vulnerability, on the website of postswiger, we are telling you by solving a lab as you can see in the image, from here you have to access the lab.

https://portswigger.net/web-security/logic-flaws/examples/lab-logic-flaws-excessive-trust-in-client-side-controls

logic Flaw

Here you have also been told the solution, how you can solve this lab, after clicking on access the lab here, you have to login. Here in front of you, this lab is open like this.

Also Read Best hacking framework in kali linux

In this way you have to login here, here the username is wiener and the password is peter, it is already given to you in all the labs, after login in this way, you can solve the Business Logic Flaw Vulnerability lab here.

logic Flaw

After login here, you have to add a product here like we do in an e-commerce website of some kind, here we have to add to cart here also.

Also Read What is xml external entity injection

logic Flaw

Here we have added a jacket, after adding the product, this product opens in front of you in this way, here we are showing the place by ordering you by reducing the price of this product.

Business logic Flaw Vulnerability

After doing all this, when you check in the Burp suite’s http history, you get it in the option of proxy, in such a way you get a link to the cart, here you have to send this link to repeater from right click.

After doing all this, your request repeater shows something like this, as you can see in the image, you are getting a price show here, we can reduce this price from our own will.

Also Read Cross site scripting attacks practically

As you can see in the image, in this way we have reduced the price here and have sent the request in the same way, this is done in some kind of live website also if you get this bug, then you get a good bug bounty.

Also Read Missing functional level access control

Business logic Flaw Vulnerability

After sending the request, when you refresh the page with your add to cart, you can see that the price has reduced on the live website as well, this is how business logic Flaw Vulnerability works.

As you can see in the image here, we have placed the place order here, after doing all this, we have also got the notification that we have solved this lab, all such labs can be solved.

We want to clear you one thing here, if you solve all the labs in this website, in such a way you get a lot of knowledge of website vulnerabilities as well as you can bug bounty.

The Conclusion

I hope now you can understand about Business Logic Flaw Vulnerability Here we have told you by solving the same lab of Business Logic Flaw Vulnerability.

In this way, you get all kinds of labs here as well as you have also been told that how you can solve the labs of Business Logic Flaw Vulnerability, we will tell you more similar labs soon.

All this has been told to you for educational purpose, if you get Business logic Flaw Vulnerability in any website, in such a way, you should never misuse that website in any way.

If you attack such a website without any permission, legal action can also be taken on you because it is a cyber crime, so do not ever do this.

If you have any kind of question related to your business logic Flaw Vulnerability, in such a way, you can ask us in a comment or if you have any problem in solving any labs, you can still tell us.

If you like this article of ours, then you must share it, your full help will be done from our side as well as you can also tell on which topic you want articles.

Subscribe to our blog for latest updates

Sharing is Caring

Thankyou

Share This:

Leave a Reply

Your email address will not be published. Required fields are marked *