[BUSINESS LOGIC VULNERABILITIES]
GENERAL INFORMATION
GOAL: Test if the functionality is doing what is supposed to do, it is validating actions ? NOTES: - Important to analyze the requests using burpsuite. - Check for actions, shopping cart, prices, etc. - Check input user validation. - You can try with positive/negative values and check if the behavior is changing.
SAMPLE: productId=1&redir=PRODUCT&quantity=1&price=3700 - Sometimes the logic is broken and you can affect the behavior or the values.
SAMPLE: productId=2&redir=PRODUCT&quantity=-1 - Check if exist some coupons or any other functionality on the site, but is correctly validating ?NO CONTROLS
NOTES: - Requests inspection is needed. - Test if you can access functionality that should be available only for administrator or known users. - It is important to read if exist any behavior for specific users. SAMPLE: URI_PATH: http://URL/admin
©® - Since 2023