Disrupting an Application’s Registration Process in 10 mins

Disrupting an Application’s User Registration Process in 10 mins

So, as usual, this writeup will be divided into three sections:

1. Introduction
2. Vulnerability Description
3. Steps to reproduce

Introduction

What are business logic vulnerabilities?

Business logic vulnerabilities are flaws in the design and implementation of an application that allow an attacker to elicit unintended behaviour. This potentially enables attackers to manipulate legitimate functionality to achieve a malicious goal. These flaws are generally the result of failing to anticipate unusual application states that may occur and, consequently, failing to handle them safely.

Read more about it at https://portswigger.net/web-security/logic-flaws

So let's start with the introduction of our target. The target that I was hunting on is an e-commerce website, which has all the basic functionality that an e-commerce store should have.

Target functionality: 2FA, login and signup, profile editing, carts, checkout, etc.

In this writeup, we are focusing on the profile editing functionality, as I found the business logic flaw in this particular functionality.

Let me ask you, what are the basic functions that a developer includes on a profile editing page?

Answer: Ability for a user to
