Skip to main content

6. Which logic vulnerabilities have you encountered? Given a login form, what is your general approach?

Common Logic Vulnerabilities

  • Privilege escalation
  • Response manipulation
  • Payment amount manipulation
  • Cookie brute-forcing
  • Password recovery flaws

Login Page Approach

  • Brute-force attacks
  • Session fixation
  • SQL injection
  • XSS
  • Arbitrary user registration
  • Inspecting JavaScript files for sensitive information
  • SMS bombing
  • Universal passwords
  • Second-order injection
  • Template injection