Skills
.Work. You
Rest

business-logic-attack

Official

Detect and exploit web app business logic flaws.

Software Engineering#testing#vulnerability#payment#business-logic#web-app#order#coupon
Authorwgpsec
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Web applications often fail to enforce business rules in server-side logic, allowing attackers to manipulate transactions, orders, and accounts.

Core Features & Use Cases

  • Detects price/amount manipulation in payments, quantity manipulation, order-status tampering, coupon/discount abuse, and race-condition risks in transactional flows.
  • Provides practical testing steps to reproduce business logic flaws in e-commerce or financial-like apps.
  • Use case: testing a checkout flow where changing order_id or price could bypass payments or alter orders.

Quick Start

Simulate price/amount and quantity changes in the checkout flow to verify server-side validation.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: business-logic-attack
Download link: https://github.com/wgpsec/AboutSecurity/archive/main.zip#business-logic-attack

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.