Unprotected admin functionality

Introduction So, how are you all? Today, we are starting to write articles on access control vulnerabilities. This is our first article on access control vulnerabilities. In this article, we will cover the PortSwigger Web …

User role can be modified in user profile

Introduction Hello friends, how are you? Today, we are going to write a practical-based article on access control vulnerabilities. This is our 4th article on access control vulnerabilities. In this article, we will cover the …

User role controlled by request parameter

Introduction To User role controlled by request parameter In this article, we are starting to write about access control vulnerabilities. This is our 3rd article focusing on access control vulnerabilities. Specifically, we will cover the …

User ID controlled by request parameter

Introduction To User ID controlled by request parameter So, how are you all doing? Today we’re starting to write articles on access control vulnerabilities. This is our 5th article on access control vulnerabilities. In this …

Weak isolation on dual-use endpoint

Introduction Hello everyone, how are you all doing? As you know, we solve PortSwigger Web Security labs on a daily basis. Today, we are covering the topic of business logic flaws in our 7th article. …

Insufficient workflow validation

Introduction In this article, we will cover the PortSwigger Web Security lab “Insufficient workflow validation.” We are explaining various business logic flaws practically, and this is our 8th article focusing on business logic flaws. Lab …

Authentication bypass via flawed state machine

Introduction Hello, friends! How are you all doing? This is our 12th article focusing on business logic vulnerabilities. In this article, we will practically solve the “Authentication bypass via flawed state machine” lab from PortSwigger …

Inconsistent handling of exceptional input

Introduction In this lab, “Inconsistent handling of exceptional input,” user input has not been properly validated, making it vulnerable to business logic flaws. You can exploit this flaw during account registration to gain administrative privileges. …

Low-level logic flaw

Introduction Hello everyone, we are solving the PortSwigger Web Security labs. This is our 6th lab focusing on business logic vulnerabilities. In this lab, we will practically solve a Low-level logic flaw. Lab Description For …

High-level logic vulnerability

Introduction In this article, we will cover the High-level logic vulnerability lab. This lab has been provided to us by PortSwigger Web Security. This is our 3rd article on business logic vulnerabilities. If you want …

Flawed Enforcement of Business Rules

Introduction Hello friends, I hope you all are doing well. This is our 5th article on business logic vulnerabilities. We are covering PortSwigger Web Security Labs, and today we will solve the “Flawed Enforcement of …

Excessive trust in client-side controls

Introduction Hey guys, how are you all doing? We are currently exploring business logic vulnerabilities in a series. “Excessive trust in client-side controls” is our first article on business logic vulnerabilities. We will be using …

Business Logic Vulnerabilities Basic to Advanced

Business Logic In this article, we will explore Business Logic Vulnerabilities. Every web application has its own business logic. For example, what is Amazon’s business logic? Amazon’s business logic revolves around a customer visiting the …

Exploiting XXE via image file upload

Introduction This is our 8th article on XML or XXE injection vulnerabilities. In this article, we will solve the PortSwigger Web Security lab “Exploiting XXE via Image File Upload.” If you haven’t checked the other …