Hey Guys, I hope you are doing well, I’m KiRaaDx. Welcome to my first write-up ♥
Description
This is a small story about one of my findings, an easy one :)!!
First, let’s look at what business logic errors are, to fully understand how this weakness and similar attacks happen.
Business logic vulnerabilities are flaws in the design and implementation of an application that allow an attacker to elicit unintended behavior. This potentially enables attackers to manipulate legitimate functionality to achieve a malicious goal. These flaws are generally the result of failing to anticipate unusual application states that may occur and, consequently, failing to handle them safely.
So let’s start. First, the target is external (found via Google Dorking); let’s call it target.com.
I created an account and it sent me an OTP to confirm my email:
I fired up Burp to intercept the request, and the request looked like this:
I tried null and 000000 but they didn’t work, so I tried response manipulation and changed “error”:”unauthorized” to {“ok”:true} like this:
Guess what….
And done! Now my email is confirmed.
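The root cause here is that the "email confirmed" decision was effectively made by whatever the client saw in the response, not by the server. The following is an added example (not code from the write-up or from the affected site) showing the weak pattern beside a hardened one: the server keeps the pending code and the confirmed flag itself, rejects null or malformed input before comparing, expires codes, limits guesses, and compares in constant time. All names (`OtpStore`, `issue_code`, `verify_code`, `confirm_weak`, `confirm_hardened`) and the TTL and attempt limits are hypothetical.

```python
"""Server-side OTP confirmation: the "confirmed" state must be decided by
the server, never by a flag that comes back from the client.

Added example; not the original write-up's code. All names and limits
are assumptions chosen for illustration.
"""
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300      # code expires after 5 minutes (assumed policy)
MAX_ATTEMPTS = 5           # lock the code after this many wrong guesses


class OtpStore:
    """In-memory store; a real deployment would use a database or cache."""

    def __init__(self, now=time.time):
        self._codes = {}        # email -> [code, expires_at, attempts_left]
        self._confirmed = set() # only the server ever adds to this
        self._now = now         # injectable clock, handy for testing expiry

    def issue_code(self, email: str) -> str:
        # cryptographically random 6-digit code, zero-padded
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self._codes[email] = [code, self._now() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # in practice delivered by e-mail, never echoed to the client

    def verify_code(self, email: str, submitted) -> dict:
        """Authoritative check. Returns the dict the API layer would serialise."""
        # Reject missing / null / malformed input before any comparison, so
        # a null or empty value can never match anything.
        if (not isinstance(submitted, str) or len(submitted) != 6
                or not submitted.isdigit()):
            return {"ok": False, "error": "invalid_format"}
        entry = self._codes.get(email)
        if entry is None:
            return {"ok": False, "error": "no_pending_code"}
        code, expires_at, attempts_left = entry
        if self._now() > expires_at or attempts_left <= 0:
            self._codes.pop(email, None)   # burn the code; user must request a new one
            return {"ok": False, "error": "expired"}
        entry[2] -= 1                      # count the attempt before comparing
        # constant-time comparison avoids leaking how many digits matched
        if not hmac.compare_digest(code, submitted):
            return {"ok": False, "error": "unauthorized", "attempts_left": entry[2]}
        self._codes.pop(email, None)       # one successful use per code
        self._confirmed.add(email)         # the server, and only the server, flips this
        return {"ok": True}

    def is_confirmed(self, email: str) -> bool:
        return email in self._confirmed


def confirm_weak(session: dict, client_payload: dict) -> bool:
    """The anti-pattern behind the write-up: a verification flag supplied by
    the client is treated as proof. Anyone who can edit the payload sets it."""
    if client_payload.get("ok") is True:
        session["email_confirmed"] = True
    return session.get("email_confirmed", False)


def confirm_hardened(store: OtpStore, email: str, client_payload: dict) -> bool:
    """Hardened flow: ignore any claim in the payload and let the server-side
    store decide whether the submitted code actually matched."""
    result = store.verify_code(email, client_payload.get("otp"))
    return bool(result["ok"]) and store.is_confirmed(email)


if __name__ == "__main__":
    store = OtpStore()
    code = store.issue_code("user@example.com")   # constructed sample account
    print("weak, forged ok flag   :", confirm_weak({}, {"ok": True}))
    print("hardened, forged flag  :", confirm_hardened(store, "user@example.com", {"ok": True}))
    print("hardened, real code    :", confirm_hardened(store, "user@example.com", {"otp": code}))
```

The hardened path never reads an `ok` field from the client at all: the only input it accepts is the code, and the outcome is whatever `verify_code` decided. Bounded attempts plus expiry also close the brute-force angle that a 6-digit code would otherwise leave open.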