banner
言心吾

言心吾のBlog

吾言为心声
HomeArchivesLinks

Logic Vulnerabilities in SRC Mining

#挖洞#经验2098
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
Business logic vulnerabilities refer to errors or defects in the logic of a system, application, or other components that can lead to security issues or data leaks. Attackers can exploit these vulnerabilities to gain unauthorized access, manipulate data, or perform malicious actions. Common examples include payment manipulation, unauthorized access, and password recovery flaws. To become skilled at discovering these vulnerabilities, one should focus on mastering a specific area of technology, maintain a positive attitude, pay attention to details, and continuously learn and share knowledge. Using automation tools can assist in detecting vulnerabilities, but manual analysis is still necessary to uncover deep-seated logic flaws.

What is a Business Logic Vulnerability#

A logic vulnerability refers to a logical error or defect that exists in a system, application, or other system components, which may lead to security issues or data leakage. These vulnerabilities are often caused by errors, incompleteness, or unreasonable logical judgments in the design or implementation process. Attackers can exploit these vulnerabilities to gain unauthorized access, manipulate data, or perform other malicious operations. These vulnerabilities are common in functions such as password modification, unauthorized access, password recovery, and transaction payment amounts.

This article will share some insights and experiences in the field of business logic vulnerability discovery.

Common Logic Vulnerabilities#

Due to the nature of logic vulnerabilities, they can occur anywhere and are difficult to protect against using methods such as WAF. Logic vulnerabilities can take various forms and often appear in combination, such as concurrency + payment, unauthorized access + payment, etc. Therefore, the following classifications are not exhaustive or accurate, but they can help readers understand and summarize.

Payment#

Purchase Scenarios#

Modify payment price
Modify payment status
Modify purchase quantity to a negative number
Modify amount to a negative number
Replay successful requests
Improper handling of concurrent database locks
Rounding
Integer overflow

Coupon Scenarios#

Reuse coupons
Coupon traversal
Concurrent use of coupons

There are many other scenarios, such as signing scenarios, etc.
The tricks of payment logic vulnerabilities are too numerous to mention. I recommend watching videos by Yue Shen or searching for some summary articles online.

Unauthorized Access#

Unauthorized access vulnerabilities are undoubtedly the most important part of logic vulnerabilities and can be divided into the following four categories:

Unauthenticated Access#

Access to static files
Prevent access through specific URLs

Horizontal Privilege Escalation#

Attackers can access resources of other users with the same permissions, for example, the permission type remains the same, but the ID changes.

Vertical Privilege Escalation#

Low-level attackers can access resources of high-level users, for example, the permission ID remains the same, but the type changes.

Cross-Site Request Forgery (CSRF)#

Access with both permission ID and type changed.

Captcha#

Reuse of captchas
Captcha brute-forcing
SMS bombing
Leakage of return packages
Bypassing local verification
DDoS attacks

Arbitrary User#

Including operations such as taking over, logging in, deleting, and traversing arbitrary users.

Password recovery
Password modification

Logic Defects#

Lack of identity verification in WeChat login API
Hard-coded JWT

Breaking Restrictions#

Improper content generated by AI
Breaking quantity limits (goods, likes, votes, points, lotteries, etc.)

How to Become an Expert in Logic Vulnerability Discovery#

Specialize in One Area#

When you are proficient in a certain area of technology, you will come up with many ingenious ideas during the testing process, gradually forming your own set of methods, making it difficult for this type of vulnerability to escape your attention.

A Change in Mindset is Crucial#

In the early stages of vulnerability discovery, it is common to not find any vulnerabilities or have them overlooked during the review process. Do not let this diminish your enthusiasm for vulnerability discovery. Treat each vulnerability submission as completing a task and do not dwell too much on the results. Only by maintaining a positive and optimistic mindset can you continuously improve and enhance your skills.

Be a "Detail-Oriented" Bug Hunter#

No matter what kind of vulnerability you are hunting for, you should not just skim over it. Each feature should be carefully considered, and attention to detail is the foundation for discovering logic vulnerabilities. At the same time, maintain sensitivity to parameters. Only by being sensitive to details and having a deep understanding can hidden logic vulnerabilities be discovered.

Luck is also Part of Skill#

Having both technical skills and luck is important. Many times, discovering vulnerabilities requires a certain element of luck. However, luck often favors those who are prepared. By continuously striving and accumulating, improving your technical level and sensitivity, you will naturally increase your chances of success.

Continuous Learning and Sharing#

Maintain a passion for learning, keep up with the latest security trends and vulnerability cases. At the same time, by sharing your insights and experiences and exchanging ideas with peers, you can gain more inspiration and ideas.

True Knowledge Comes from Practice#

Participate in practical projects and CTF competitions to enhance your vulnerability discovery skills through continuous hands-on experience. Theoretical knowledge is important, but practical experience is equally indispensable.

Use Automated Tools for Assistance#

Be proficient in using various automated tools for auxiliary detection, but do not rely solely on tools. Tools can help improve efficiency, but ultimately, human analysis is needed to discover deeply hidden logic vulnerabilities.

Conclusion#

Through continuous learning, practice, and sharing, you will gradually become an excellent expert in logic vulnerability discovery. On this path, maintaining curiosity and an exploratory spirit is the key to success.

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.