Category
Logic Bugs
Application logic flaws — undocumented modes and hidden API behavior, and weak binding of proof tokens such as captchas and coupons.
Notes
2 total
reCAPTCHA / Coupon / Captcha Reuse as Business-Logic Attack Surface
Replay proof tokens weakly bound to an action, user, or cart across sessions to break business logic.
web
logic-bug
token-reuse
recaptcha
coupon
business-logic
Undocumented Mode / API Behavior through Simple Parameter Changes
Trigger hidden enum values or unsupported modes that remain fully implemented server-side even though the UI hides them.
web
logic-bug
hidden-parameters
api
authorization