Flawed enforcement of business rules
https://portswigger.net/web-security/logic-flaws/examples/lab-logic-flaws-flawed-enforcement-of-business-rules
Last updated
We have to login using the following credentials:
| Username | Password |
|---|---|
| wiener | peter |
At the top of the page, we can see the following code:
If we scroll to the bottom, there is a newsletter that we can sign up for.
Once we sign up for the newsletter, we get another code:
Now, all we have to do is add the "Lightweight l33t leather jacket" and apply the coupons in an alternating manner.
This works because the server checks if the coupon is not applied right after itself but does not check if it is applied after another coupon.
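To make the flaw concrete, here is an added example (not code from the lab or from this write-up) that models the coupon check two ways: the flawed rule that only compares against the previously applied code, and a hardened rule that remembers every code redeemed on the order. The coupon codes, discounts and jacket price are constructed placeholders, not the lab's values.

```python
JACKET_PRICE = 1337.00                             # constructed price
COUPONS = {"NEWCUST5": 5.00, "SIGNUP30": 30.00}    # constructed codes and discounts


def checkout_flawed(codes):
    """Flawed enforcement: a code is rejected only when it equals the code
    applied immediately before it. Alternating two valid codes therefore
    bypasses the intended one-use-per-coupon rule."""
    total, last, rejected = JACKET_PRICE, None, []
    for code in codes:
        if code not in COUPONS or code == last:
            rejected.append(code)
            continue
        total -= COUPONS[code]
        last = code
    return round(total, 2), rejected


def checkout_fixed(codes):
    """Hardened enforcement: track every code already redeemed on this
    order (not just the last one) and never let discounts push the total
    below zero."""
    total, redeemed, rejected = JACKET_PRICE, set(), []
    for code in codes:
        if code not in COUPONS or code in redeemed:
            rejected.append(code)
            continue
        redeemed.add(code)
        total -= COUPONS[code]
    return round(max(total, 0.0), 2), rejected


def repeated_codes(codes):
    """Detection heuristic for order logs: any coupon code that appears more
    than once on a single order is worth alerting on."""
    return sorted({c for c in codes if codes.count(c) > 1})


if __name__ == "__main__":
    alternating = ["NEWCUST5", "SIGNUP30"] * 3     # constructed abuse pattern
    print("flawed:", checkout_flawed(alternating))  # every code accepted
    print("fixed: ", checkout_fixed(alternating))   # repeats rejected
    print("repeats:", repeated_codes(alternating))
```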
We have solved the lab.