Business Logic Vulnerabilities - Lab #1 Excessive trust in client-side controls | Long Version

In this video, we cover Lab #1 in the Business Logic Vulnerabilities module of the Web Security Academy. This lab doesn't adequately validate user input. You can exploit a logic flaw in its purchasing workflow to buy items for an unintended price. To solve the lab, we buy a "Lightweight l33t leather jacket". You can log in to your own account using the following credentials: wiener:peter.

▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: https://academy.ranakhalil.com/p/web-security-academy-video-series

▬ 📚 Contents of This Video 📚 ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
00:13 - Web Security Academy Course (https://bit.ly/30LWAtE)
01:23 - Navigation to the exercise
01:55 - Understand the exercise and make notes about what is required to solve it
02:39 - Exploit the lab using Burp Suite
07:03 - Script the exploit in Python
25:40 - Summary
25:51 - Thank You

▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
Python script: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/business-logic-vulnerabilities/lab-01/business-logic-flaw-lab-01.py
Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/business-logic-vulnerabilities/lab-01/notes.txt
Web Security Academy Exercise Link: https://portswigger.net/web-security/logic-flaws/examples/lab-logic-flaws-excessive-trust-in-client-side-controls
Rana's Twitter account: https://twitter.com/rana__khalil