What is a Business Logic Vulnerability#
A logic vulnerability refers to a logical error or defect that exists in a system, application, or other system components, which may lead to security issues or data leakage. These vulnerabilities are often caused by errors, incompleteness, or unreasonable logical judgments in the design or implementation process. Attackers can exploit these vulnerabilities to gain unauthorized access, manipulate data, or perform other malicious operations. These vulnerabilities are common in functions such as password modification, unauthorized access, password recovery, transaction payment amounts, etc.
This article will share some insights and experiences in the field of business logic vulnerability discovery.
Common Logic Vulnerabilities#
Due to the characteristics of logic vulnerabilities, they can occur anywhere and are difficult to protect against using methods such as WAF. Logic vulnerabilities can take various forms and often appear in combinations, such as concurrency + payment, unauthorized access + payment, etc. Therefore, the following classifications are not exhaustive or accurate, but they can help readers understand and summarize.
Payment#
Purchase Scenarios#
Modify payment price
Modify payment status
Modify purchase quantity to a negative number
Modify amount to a negative number
Replay successful requests
Improper handling of concurrent database locks
Rounding
Integer overflow
Coupon Scenarios#
Reuse coupons
Coupon enumeration
Concurrent use of coupons
There are many others, such as signing scenarios, etc.
The tricks of payment logic vulnerabilities are too numerous to mention here. I recommend watching videos by Yue Shen or searching for some summary articles online.
Unauthorized Access#
Unauthorized access vulnerabilities are undoubtedly crucial among logic vulnerabilities and can be divided into the following four categories:
Unauthenticated Access#
Accessing static files
Preventing access through specific URLs
Horizontal Privilege Escalation#
Attackers can access resources of other users with the same privileges, for example, the permission type remains the same, but the ID changes.
Vertical Privilege Escalation#
Low-level attackers can access resources of high-level users, for example, the permission ID remains the same, but the type changes.
Cross-Site Request Forgery#
Access with both permission ID and type changed.
Captcha#
Reuse captchas
Captcha brute-forcing
SMS bombing
Leakage of return packets
Bypassing local validation
DDoS attacks
Arbitrary User#
Includes operations such as taking over, logging in, deleting, enumerating, etc., as any user.
Password recovery
Password modification
Logic Flaws#
Lack of identity verification in WeChat login API
Hard-coded JWT
Breaking Limitations#
Improper content generated by AI
Breaking quantity limitations (products, likes, votes, points, lotteries, etc.)
How to Become an Expert in Logic Vulnerability Discovery#
Specialize in One Area#
When you specialize in a specific area of technology, you will come up with many creative ideas during the testing process, gradually forming your own set of strategies, making these vulnerabilities visible to you.
A Change in Mindset is Crucial#
In the early stages of vulnerability discovery, it is common to not find any vulnerabilities or have them ignored during the review process. Do not let this diminish your enthusiasm for vulnerability discovery. Treat each vulnerability submission as completing a task and do not dwell too much on the results. Only by maintaining a positive and optimistic mindset can you continuously improve and enhance your skills.
Be a "Detail-Oriented" Bug Hunter#
Regardless of the type of vulnerability you are looking for, you should not just skim through it. Each functionality should be carefully considered, and attention to detail is the foundation for discovering logic vulnerabilities. At the same time, maintain sensitivity to parameters. Only by being sensitive to details and having a deep understanding can you discover hidden logic vulnerabilities.
Luck is Also Part of Skill#
You need both technical skills and luck. Many times, discovering vulnerabilities requires a certain element of luck. However, luck often favors those who are prepared. By continuously striving and accumulating, improving your technical skills and sensitivity, you will naturally increase your chances of success.
Continuous Learning and Sharing#
Maintain a passion for learning, stay updated on the latest security trends and vulnerability cases. At the same time, by sharing your insights and experiences and exchanging ideas with peers, you can gain more inspiration and perspectives.
Knowledge Comes from Practice#
Participate in practical projects and CTF competitions to enhance your vulnerability discovery abilities through continuous hands-on experience. Theoretical knowledge is important, but practical experience is equally indispensable.
Use Automated Tools as Assistance#
Be proficient in using various automated tools for auxiliary detection, but do not rely solely on tools. Tools can help improve efficiency, but ultimately, discovering deeply hidden logic vulnerabilities still requires manual analysis.
Conclusion#
Through continuous learning, practice, and sharing, you will gradually become an excellent expert in logic vulnerability discovery. On this path, maintaining curiosity and an exploratory spirit is the key to success.