SKILL: Business Logic Vulnerabilities — Expert Attack Playbook
AI LOAD INSTRUCTION: Business logic flaws are invisible to scanners and high-reward in bug bounty programs. This skill covers race conditions, price manipulation, workflow bypass, coupon/referral abuse, negative values, and state machine attacks. These require human reasoning, not automation. For specific exploitation techniques (payment precision/overflow, captcha bypass, password reset flaws, user enumeration), load the companion SCENARIOS.md. For the workflow approach itself (modeling → state machine → attack-surface matrix → human judgement), load METHODOLOGY.md. For the per-module check items, load CHECKLIST.md.
Companion files
| File | When to load |
|---|---|
| METHODOLOGY.md | Need the 5-phase workflow, attack-surface 5×N matrix, human-judgement decision tree |
| CHECKLIST.md | Going through a target module-by-module (login / register / payment / IDOR / privacy) and want every line item with why+verify |
| SCENARIOS.md | Drilling deeper into payment precision/overflow, captcha bypass, password reset, enumeration, frontend bypass |
Extended Scenarios
Related skills