ALFI
This page indexes all the writeups for business logic bugs I’ve found: Application Logic Flaw Index.
- Business Logic Flaws and Yahoo Games
- How I got your phone number through Facebook
- How I hacked hundreds of companies through their helpdesk
- Price Tampering | Buying T-Shirts at 2 INR
- Bruteforce Protections Bypass
- Send a Email to me and get kicked out of Google Groups !!
- Google Security Misconfiguration Leads to Account Takeover!
- Story of YouTube’s Unfixable Ads Bypass
- A Weird Price Tampering Vulnerability
- Author spoofing in Google Colaboratory
- The invincible kid
- Simple & Sweet - Bypass email update restriction to change emails of team members
- Deleting other user's comments
- Why you shouldn’t share links on Facebook
- I Want that Cookie !!!
- Breaking the Competition (CTF hoster's Bug Bounty Write-up)
- Adding a malicious notebook to be treated like a trusted notebook in Google Colab
- Bypassing the patch for my previous Instagram bug
- How I acquired $XXX bounty by investing 99 cents
- How I am able to hijack your autosuggestions in Google Search
- Bypassing Scratch Cards On Google Pay
- Bypass HackerOne 2FA requirement and reporter blacklist
- Harvesting all private invites
- A possibility of Account Takeover in Medium
- Security teams Internal attachments can be exported via “Export as .zip” feature on HackerOne
- Payment bypass
- My First Swag Pack - A Logical Bug on Edmodo
- How I got paid premium plan for free on many popular websites
- Breaking Business Logic via Coupons
- How I broke into Google Issue Tracker
- How I Could Have Promoted Any Facebook Page For Free