Business Logic Vulnerabilities in web applications are not new, but these vulnerabilities are extremely varied and too often untested. Testing for business logic flaws in today’s multi-functional dynamic web applications requires lateral thinking, systematic probing and unconventional methods.

Hello Fellow Hackers & Security Enthusiasts, I’m back again with a new Bug Bounty Writeup. In this article, I’ll be sharing some of my recent findings where I’ve dealt with some Business Logic Flaws in the application. So, let’s start with understanding the vulnerability first.

What are Business Logic Vulnerabilities?

Business logic vulnerabilities are flaws in the design and implementation of an application…

Hi Fellow Hackers & Security Enthusiasts, I’m back again with a new Bug Bounty Writeup. Today I am going to write about how I was able to get a free subscription to premium videos on an application by Account Takeover. The application was vulnerable to Insecure Direct Object References (IDOR), through which I could perform several attacks. On digging further into the endpoints, I was able to perform a Full Account Takeover through the user’s profile information, i.e. email, password, mobile numbers, etc. Before starting with the attack scenario, let’s see some basics about IDOR.

Insecure direct object references (IDOR) are a type of access…

Hello guys. Hope everyone is safe in this pandemic period. It’s been a long time since I posted any article. So, now I’m back with my first blog on Bug Bounty. This blog covers the writeup of the vulnerability which I found some time ago. Definitions of the vulnerabilities according to OWASP:

Business Logic Vulnerability:

Business logic vulnerabilities are ways of using the legitimate processing flow of an application in a way that results in a negative consequence to the organization.

Cross-site Request Forgery (CSRF):

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on…

“OSCP is a Journey, not a Destination”

Hello Everyone, happy to share that I have successfully cleared my OSCP Exam. As many people have approached me asking about my experience with OSCP, I am writing this post about my journey to OSCP. Hope you will find it useful.

Registration & Preparation

After hearing a lot about OSCP, I decided to attempt this feat. I started with the challenges of HackTheBox and the War Games (OverTheWire). After getting guidance from my colleagues, I registered on 29 June 2019 and scheduled my 1 Month PWK Lab for 13 October 2019. …

Pankaj Verma

Information Security Analyst | OSCP | Member@Synack Red Team Twitter:
