6. Which logic vulnerabilities have you encountered? Given a login form, what is your general approach?
Common Logic Vulnerabilities
- Privilege escalation
- Response manipulation
- Payment amount manipulation
- Cookie brute-forcing
- Password recovery flaws
Login Page Approach
- Brute-force attacks
- Session fixation
- SQL injection
- XSS
- Arbitrary user registration
- Inspecting JavaScript files for sensitive information
- SMS bombing
- Universal passwords
- Second-order injection
- Template injection