business-logic-vuln
Business Logic Router
This is the entry point for classifying business logic and state machine issues.
When to Use
- The target involves coupons, inventory, payments, approvals, quotas, invitations, trials, or state transitions
- The problem lies not in the parser but in "when the check happens" and "which business conditions are checked"
- You suspect a race condition, workflow bypass, price tampering, negative values, stacked discounts, or a multi-step flaw
Skill Map
- Business Logic Vulnerabilities
Recommended Flow
- First, map out the key business states and one-time actions
- Then determine whether there is a check-then-act window, an ordering dependency, or missing authorization across steps
- If the business flow depends on APIs, uploads, or object permissions, go back to the corresponding category skill to fill in that part of the chain
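The check-then-act window from the flow above, modelled for a one-time coupon, with the weak pattern beside the hardened one. This is an added example, not part of the original skill; the `Coupon` class, the function names and the in-memory state are assumptions standing in for a real coupons table, and the barrier only makes the overlap deterministic.

```python
import threading

class Coupon:
    """Constructed stand-in for one row of a coupons table."""
    def __init__(self):
        self.used = False              # one-time action: unused -> used
        self.lock = threading.Lock()   # stands in for a row lock / atomic UPDATE

def redeem_check_then_act(coupon, barrier):
    """Weak pattern: the check and the state change are separate steps."""
    if coupon.used:                    # CHECK
        return False
    barrier.wait(timeout=5)            # every request has passed the check by now
    coupon.used = True                 # ACT
    return True

def redeem_atomic(coupon, barrier):
    """Hardened pattern: check and state change form one critical section."""
    barrier.wait(timeout=5)            # requests still arrive at the same moment
    with coupon.lock:
        if coupon.used:
            return False
        coupon.used = True
        return True

def concurrent_redemptions(redeem, requests=2):
    """Send `requests` simultaneous redemptions of one coupon; count successes."""
    coupon = Coupon()
    barrier = threading.Barrier(requests)
    results = [False] * requests

    def worker(i):
        results[i] = redeem(coupon, barrier)

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)

if __name__ == "__main__":
    print("check-then-act:", concurrent_redemptions(redeem_check_then_act))
    print("atomic:", concurrent_redemptions(redeem_atomic))
```

In a database-backed service the hardened form is usually a single conditional update (set used where it is still unused) followed by a check of the affected row count, rather than an application-level lock.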
Related Categories
- api-sec
- auth-sec
- file-access-vuln