In this video, we cover Lab #2 in the Business Logic Vulnerabilities module of the Web Security Academy. This lab doesn't adequately validate user input. You can exploit a logic flaw in its purchasing workflow to buy items for an unintended price. To solve the lab, we buy a "Lightweight l33t leather jacket". You can log in to your own account using the following credentials: wiener:peter.

▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬

Python script: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/business-logic-vulnerabilities/lab-02/business-logic-flaw-lab-02.py

Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/business-logic-vulnerabilities/lab-02/notes.txt

Web Security Academy Exercise Link: https://portswigger.net/web-security/logic-flaws/examples/lab-logic-flaws-high-level

Rana's Twitter account: https://twitter.com/rana__khalil