Business Logic Errors - A New Look
It commonly allow attackers to manipulate the business logic of an application. Errors in business logic can be devastating to an entire application. They can be difficult to find automatically, since they typically involve legitimate use of the application’s functionality. However, many business logic errors can exhibit patterns that are similar to well-understood implementation and design weaknesses.
I found this wonderful vulnerability on one of the private program. I was able to delete anyone’s comment by just using the report feature.
This vulnerability is not limited only to comment section you can also report someone’s post, profile photo, blog, message, video etc. You’ll not always find the report feature but instead some companies also use the flag feature, you can also try their.
How to find this vulnerability ?
- Go to your target website that has comment feature
2. Here you’ll find many people have commented, in my case it was “fedoraismine” was the victim. (My another test account)
3. Use the report comment feature, click on report and select any option
4. Now click on continue and intercept the request using burp suite and send it to intruder
5. Now click on clear and go to payloads section in burp suite and select Null payloads
6. Now select the option Continue indefinitely
7. Now go to options and set the Number of threads to 100
8. Now click on start attack
9. Wait for 900 payloads to be executed
10. Reload the comment page
NOTE : If the comment is not deleted wait for some more payloads to get executed and then reload the page again
Thank You :)
Instagram : jerry._.3
Happy Hacking ;)