Logic flaws
Last updated
Last updated
Heavily inspired by
If the app relies too much or solely on client-side controls, you may be able to intercept requests, and e.g. change the price of an item.
Negative numbers
Large numbers (integer overflows)
Long strings (they may get truncated only after the validation, to something you can use to exploit it)
If privileged functionality is dependent on e.g. email address (domain) and you are able to register an account and then change the email address accordingly (without the need to revalidating it), you may be able to escalate you privileges.
You may be able to trigger different logic flows inside the app by removing parameters. Only remove one at a time to ensure reaching all code paths and also remove only the value as well as name and value (may be handled differently on the server). Complete multi-stage processes, as changes may just reveal something further down the line.
E.g.
Remove the "old password" parameter from reset password request and try to reset another accounts password
If the password reset request contains the username, just change it
Just mess with the sequence by:
Skipping steps (drop requests, GET as well as POST)
Doing steps more than once
Return to a step later on
etc.
Take a close look stuff like vouchers and gift-cards.
Try to apply vouchers multiple times
Try to apply different vouchers, different order, multiple times, etc.
If you are able to purchase gift-cards for a reduced price (e.g. using vouchers), you may be able to kinda "print" money.
If user-controllable data is encrypted and the resulting ciphertext is then made available to the user, the user can use this to encrypt arbitrary data. If the app also uses encrypted data (using the same algorithm) in sensitive functions, the user can use this to craft his own payload. Sometimes even a decrypt function can be found, which makes crafting payloads a lot easier.