Excessive trust in client-side controls via Logic Flaws
Exploiting Business Logic Vulnerability by abusing excessive trust in client-side controls
This post demonstrates how excessive trust in client-side controls, a class of business logic vulnerability, can be abused, using a PortSwigger Academy lab.
Business Logic Vulnerabilities
Business logic vulnerabilities are flaws in the design and implementation of an application that allow an attacker to elicit unintended behavior. This potentially enables attackers to manipulate legitimate functionality to achieve a malicious goal. These flaws are generally the result of failing to anticipate unusual application states that may occur and, consequently, failing to handle them safely.
The term "business logic" simply refers to the set of rules that define how the application operates. As these rules aren't always directly related to a business, the associated vulnerabilities are also known as "application logic vulnerabilities" or simply "logic flaws".
One of the main purposes of business logic is to enforce the rules and constraints that were defined when designing the application or functionality. Broadly speaking, the business rules dictate how the application should react when a given scenario occurs. This includes preventing users from doing things that will have a negative impact on the business or that simply don't make sense. To read more about it.
Lab Demonstration.
Lab page link
Now start BurpSuite and configure it to intercept requests in the background.
Now login with the credentials given.
Then navigate to the home page and select an item.
Add it to cart and navigate to the cart.
Place the order.
We can see that we do not have sufficient store credit to purchase the item, so the order fails. Now go to the Burp HTTP history tab.
Click on the POST request that was used to add the item to the cart.
It carries a parameter called 'price' that can be tampered with; send this request to Repeater.
To bypass the website's logic, change the 'price' parameter to a number that is less than or equal to our store credit; in this case, 90. Send the request and refresh the browser page.
We can see that the price of the item is changed. Place the order.
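The root cause of the lab is that the server copies the client-submitted 'price' into the cart instead of looking the price up itself. The following is an added example, not code from the post or from the PortSwigger lab, that puts the trusting handler beside a hardened one and adds a mismatch check a defender could log on. The parameter names `productId` and `quantity`, the catalogue contents, and the store credit amount are all constructed assumptions.

```python
"""Added example (not the lab's code): client-trusting vs. server-authoritative cart handling.

Prices are handled in integer cents. The catalogue and credit balance below are
constructed sample data; 'productId' and 'quantity' are assumed parameter names.
"""

# Constructed catalogue: the server's own authoritative price list.
CATALOGUE = {
    "1": {"name": "constructed-item-A", "price_cents": 133700},
    "2": {"name": "constructed-item-B", "price_cents": 4500},
}


def add_to_cart_vulnerable(cart, form):
    """The flawed pattern: the price is taken from the client's form body.

    Any value the client sends for 'price' (for example the tampered value in
    the walkthrough) is stored and later used at checkout.
    """
    product_id = form["productId"]
    if product_id not in CATALOGUE:
        raise ValueError("unknown product")
    cart.append({
        "productId": product_id,
        "quantity": int(form["quantity"]),
        "price_cents": int(form["price"]),  # trusted straight from the client
    })
    return cart


def add_to_cart_hardened(cart, form):
    """The fix: the client may choose what and how many, never how much.

    Any 'price' field in the request is ignored; the price comes from the
    server-side catalogue, and the quantity is validated before use.
    """
    product_id = form["productId"]
    if product_id not in CATALOGUE:
        raise ValueError("unknown product")
    quantity = int(form["quantity"])
    if quantity < 1:
        raise ValueError("quantity must be a positive integer")
    cart.append({
        "productId": product_id,
        "quantity": quantity,
        "price_cents": CATALOGUE[product_id]["price_cents"],  # server-authoritative
    })
    return cart


def client_price_mismatch(form):
    """Detection aid: True if a request carries a 'price' that differs from the
    catalogue price. A legitimate client never needs to send a price at all, so
    a mismatch is a tampering signal worth logging (assumed logging is external)."""
    if "price" not in form or form["productId"] not in CATALOGUE:
        return False
    return int(form["price"]) != CATALOGUE[form["productId"]]["price_cents"]


def checkout(cart, credit_cents):
    """Places the order only if the cart total fits within the user's store credit."""
    total = sum(item["quantity"] * item["price_cents"] for item in cart)
    if total > credit_cents:
        return {"status": "failed", "total_cents": total}
    return {"status": "placed", "total_cents": total}


if __name__ == "__main__":
    # Constructed tampered request: item 1 with its price rewritten to 90.00.
    tampered = {"productId": "1", "quantity": "1", "price": "9000"}
    credit = 10000  # constructed store credit of 100.00

    print("vulnerable:", checkout(add_to_cart_vulnerable([], tampered), credit))
    print("hardened:  ", checkout(add_to_cart_hardened([], tampered), credit))
    print("mismatch flagged:", client_price_mismatch(tampered))
```

Run as a script, the vulnerable path places the order for 90.00 while the hardened path fails it at the real 1337.00, and the mismatch check flags the request; the same three calls are what a server-side unit test for this fix would assert on.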