LAB 104 - Identifying Business Logic Flaw Vulnerabilities
Course Details
Course Number: LAB 104
Course Duration: 7 minutes
Course CPE Credits: 0.14
Foreign Languages Available:
- English
Course Overview
This lab presents a challenge in the Account All cyber range that exploits a Business Logic Flaw vulnerability caused in part by improper input validation. Adversaries exploiting business logic flaws take advantage of the legitimate processes of an application, often by interacting with it in unexpected ways. The business rules, or business logic, implemented in the application should prevent users from performing harmful or nonsensical actions. However, flaws in the design of that logic can let adversaries circumvent these rules.
In this lab, you attempt to set a value for your W2 withholding that does not make sense. In the USA, this value is used to calculate the amount an employer withholds from an employee’s pay over the course of the year for tax purposes.