Finding Your First Bug: Business Logic Errors
Correction: at 30:55 I launched Intruder and just got errors back; however, this was because my JSON payloads were not legal JSON. I had missed a comma in Intruder. Thank you to FrenchPirate83 for finding that error.

Hi everyone, welcome to the first video in my new series "Finding Your First Bug". In this series I'm going to go over some good first bugs: explain what they are, how to find them, show some examples of real bugs in the wild that paid out, and finally do a practical example with Burp on a real target. In this video, we'll be discussing Business Logic Errors, a type of bug that targets the logic of a website or app rather than the technical implementation.

0:00 - Theory: what is a business logic error / how to find them
7:09 - Case studies: 8 examples of business logic bugs, ordered by complexity
21:28 - Practical Burp: looking at Flurry, an app in scope on the Verizon Media public program

-- Case Studies --
- Response program can create bounty table - $500: https://hackerone.com/reports/460920
- OLO: total price manipulation using negative quantities - $3,500: https://hackerone.com/reports/364843
- Able to manipulate order amount by removing cancellation amount and cause financial impact - $750: https://hackerone.com/reports/614523
- Gaining unlimited bonus points on websites with WooCommerce Points and Rewards - $150: https://hackerone.com/reports/592803
- Lack of proper paymentProfileUUID validation allows any number of free rides without any outstanding balance - $1,500: https://hackerone.com/reports/574638
- Lack of payment type validation in dial.uber.com allows for free rides - $5,000: https://hackerone.com/reports/162199
- Harvesting all private invites using leave program fast-tracked invitation and security@ email forwarding feature - $2,500: https://hackerone.com/reports/334205 and /harvesting-all-private-invites-using-leave...
- Claiming package names in GitLab's automatic package referencer - $1,000: https://hackerone.com/reports/462503

-- You Should Also Watch --
HOW TO GET STARTED IN BUG BOUNTY (9x PRO TIPS) - STÖK

-- Social Media --
Twitter: /insiderphd
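As an added worked example (not code from the video or from any of the reports above), the following Python models the shape of two of the case studies, negative quantities and a removable cancellation fee: a checkout that trusts client-supplied values next to a hardened version that validates them server-side, plus the JSON sanity check that would have caught the missing comma in the Intruder payloads mentioned in the correction. The catalogue prices, the cancellation fee and the probe payloads are constructed for illustration and do not come from any real target.

```python
import json
from decimal import Decimal

# Constructed catalogue and fee: hypothetical values, not from any real target.
CATALOGUE = {"burger": Decimal("8.50"), "fries": Decimal("3.00")}
CANCELLATION_FEE = Decimal("2.00")


class OrderRejected(ValueError):
    """Raised by the hardened checkout when an order fails validation."""


def vulnerable_total(order):
    """Checkout that trusts client-supplied quantities and fees.

    Quantity is used exactly as sent, so a negative quantity acts as a
    discount, and the cancellation fee is read from the request, so simply
    omitting the key removes the fee.
    """
    total = Decimal("0")
    for item in order["items"]:
        total += CATALOGUE[item["sku"]] * item["qty"]
    if order.get("cancelled"):
        # Fee comes from the client; a missing key silently means "no fee".
        total += Decimal(str(order.get("cancellation_fee", "0")))
    return total


def hardened_total(order):
    """Same checkout with server-side validation of every client-controlled value."""
    total = Decimal("0")
    for item in order.get("items", []):
        sku, qty = item.get("sku"), item.get("qty")
        if sku not in CATALOGUE:
            raise OrderRejected(f"unknown sku {sku!r}")
        # bool is a subclass of int in Python, so exclude it explicitly.
        if not isinstance(qty, int) or isinstance(qty, bool) or qty <= 0:
            raise OrderRejected(f"invalid quantity {qty!r} for {sku}")
        total += CATALOGUE[sku] * qty
    if order.get("cancelled"):
        # Fee is a server-side constant; whatever the client sent is ignored.
        total += CANCELLATION_FEE
    if total <= 0:
        raise OrderRejected("order total must be positive")
    return total


def check_payloads(payloads):
    """Return (index, error) for every payload that is not legal JSON.

    Run this over an Intruder payload list before firing it: a single
    missing comma turns every request into a parser error, not a finding.
    """
    bad = []
    for i, raw in enumerate(payloads):
        try:
            json.loads(raw)
        except json.JSONDecodeError as exc:
            bad.append((i, str(exc)))
    return bad


# Constructed probe payloads in the form one would load into Intruder.
PROBES = [
    # Negative quantity on the second item.
    '{"items": [{"sku": "burger", "qty": 1}, {"sku": "fries", "qty": -3}], "cancelled": false}',
    # Cancelled order with the cancellation_fee key stripped out.
    '{"items": [{"sku": "burger", "qty": 1}], "cancelled": true}',
    # Missing comma between the two items: not legal JSON.
    '{"items": [{"sku": "burger", "qty": 1} {"sku": "fries", "qty": 1}], "cancelled": false}',
]


def run_probes(payloads):
    """Replay each probe against both checkouts; returns (status, vulnerable, hardened)."""
    results = []
    for raw in payloads:
        try:
            order = json.loads(raw)
        except json.JSONDecodeError:
            results.append(("invalid json", None, None))
            continue
        vuln = str(vulnerable_total(order))
        try:
            hard = str(hardened_total(order))
        except OrderRejected as exc:
            hard = f"rejected: {exc}"
        results.append(("ok", vuln, hard))
    return results


if __name__ == "__main__":
    for idx, err in check_payloads(PROBES):
        print(f"payload {idx} is not valid JSON: {err}")
    for raw, result in zip(PROBES, run_probes(PROBES)):
        print(raw, "->", result)
```

The first probe drives the vulnerable total to -0.50 while the hardened version rejects the quantity; the second drops the fee from the vulnerable total but the hardened version charges it anyway; the third never reaches the application logic at all, which is the symptom seen in the video's Intruder run.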
