#logicflaws search results
Diagnosing #python #logicflaws is extremely hard; not for @RSnake (Robert Hansen) CTO of @BitDiscovery - he's found a new class of them. Join us next week Wed 2/23 Noon PST to hear his talk during @owasp LA Chapter monthly virtual meeting. RSVP now at meetup.com/OWASP-Los-Ange…
Logic Flaws: 🔍 Logic flaws happen when smart contracts are poorly designed, leading to unexpected behavior. ⚡️ Attackers exploit these vulnerabilities to manipulate execution and steal funds. #LogicFlaws #SmartContractSecurity
So....just following your premise...you shouldn’t be treating women. #logicflaws
Soft-delete abuse: delete marks deleted=true but reads ignore flag on certain reporting endpoints. Toggle deleted flag via chained calls to resurrect data or bypass constraints. #BugBountyTips #LogicFlaws #DataIntegrity
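A worked version of the soft-delete flaw above, added here as an example (not code from the post's author): a reporting query that reads the base table and forgets the deleted flag, a restore that anyone can call, and the two fixes a reviewer would ask for: route every read through a view that defines "live" once, and make restore a privileged operation whose collision with live rows the database itself refuses via a partial unique index. The schema, rows and role names are constructed for the demo.

```python
import sqlite3

# Constructed schema and rows for this example (not from any real application).
SCHEMA = """
CREATE TABLE orders (
    id      INTEGER PRIMARY KEY,
    owner   TEXT    NOT NULL,
    ref     TEXT    NOT NULL,
    total   INTEGER NOT NULL,
    deleted INTEGER NOT NULL DEFAULT 0
);
-- Uniqueness of ref is enforced only among live rows, so a deleted ref can be reused
-- by a new order; restoring the old row must not silently break that invariant.
CREATE UNIQUE INDEX active_ref ON orders(ref) WHERE deleted = 0;
-- Single definition of "live"; every read path should select from this view.
CREATE VIEW active_orders AS
    SELECT id, owner, ref, total FROM orders WHERE deleted = 0;
"""

def setup() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO orders (id, owner, ref, total, deleted) VALUES (?, ?, ?, ?, ?)",
        [
            (1, "alice", "A-1", 120, 0),
            (2, "alice", "A-2", 80, 1),   # soft-deleted earlier
            (3, "bob",   "B-1", 300, 0),
            (4, "alice", "A-2", 50, 0),   # ref A-2 reused after the delete
        ],
    )
    return conn

def soft_delete(conn: sqlite3.Connection, order_id: int) -> None:
    conn.execute("UPDATE orders SET deleted = 1 WHERE id = ?", (order_id,))

def report_total_vulnerable(conn: sqlite3.Connection, owner: str) -> int:
    # Reporting endpoint reads the base table and forgets the flag:
    # soft-deleted rows come back into the customer's total.
    row = conn.execute(
        "SELECT COALESCE(SUM(total), 0) FROM orders WHERE owner = ?", (owner,)
    ).fetchone()
    return row[0]

def report_total_fixed(conn: sqlite3.Connection, owner: str) -> int:
    # Reads go through the view, so no individual endpoint can forget the filter.
    row = conn.execute(
        "SELECT COALESCE(SUM(total), 0) FROM active_orders WHERE owner = ?", (owner,)
    ).fetchone()
    return row[0]

def restore_vulnerable(conn: sqlite3.Connection, order_id: int) -> None:
    # Any caller can flip the flag back: resurrection with no authorization and
    # no re-check of the invariants a live row must satisfy.
    conn.execute("UPDATE orders SET deleted = 0 WHERE id = ?", (order_id,))

def restore_fixed(conn: sqlite3.Connection, order_id: int, actor_role: str) -> bool:
    # Restore is an explicit, privileged operation; the partial unique index makes
    # the database refuse a restore that would collide with a live row.
    if actor_role != "admin":
        raise PermissionError("restore requires the admin role")
    try:
        cur = conn.execute(
            "UPDATE orders SET deleted = 0 WHERE id = ? AND deleted = 1", (order_id,)
        )
    except sqlite3.IntegrityError as exc:
        raise ValueError(f"cannot restore order {order_id}: {exc}") from None
    return cur.rowcount == 1
```

The point of the partial unique index is that the restore path no longer needs to remember every constraint the insert path enforces: the database enforces it for live rows only, which is exactly the set soft-delete is supposed to manage.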
Missed @RSnake Robert Hansen's talk on diagnosing #python #logicflaws and variety of ways it's a #NaN issue? Recording is on @owasp Los Angeles Chapter's YouTube youtu.be/UFoZ-zoqzsQ
When my mom and dad lecture me I just laugh because 90% of the time they don't make sense. #LogicFlaws 😂
Progressive enhancement: feature present only when JS enabled. Server assumes JS did checks client-side and skips validation. Where do server-side blindspots open when progressive checks are assumed? #BugBountyTips #LogicFlaws #WebDev
@Copperpot5 How long did Obama blame everything on W? #logicflaws #shortmemory
XSS chain: User uploads profile name with <iframe src=...>. Normally harmless. But in email notifications, HTML is rendered without escaping. Logic bug + XSS = inbox takeover. #BugBountyTips #XSS #LogicFlaws #CyberSecurity
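The two sinks from the post side by side, as an added example (not the post author's code): the web template escapes the stored display name, the email notification builds its HTML part by string concatenation and does not. The attacker-chosen name and the addresses are constructed sample data; the fix escapes at the HTML sink and leaves the text/plain part alone, since that part has no markup context.

```python
import html
from email.message import EmailMessage

# Constructed attacker-chosen display name (sample data, not from a real account).
ATTACKER_NAME = '<iframe src="https://evil.example/">hi</iframe>'

def render_web_profile(display_name: str) -> str:
    # The web page escapes at the sink, so the stored name is harmless here.
    return f"<h1>{html.escape(display_name)}</h1>"

def build_notification_vulnerable(display_name: str, to_addr: str) -> EmailMessage:
    # Same stored value, different sink: the HTML part is built by string
    # concatenation with no escaping, so the markup goes live in the inbox.
    msg = EmailMessage()
    msg["To"] = to_addr
    msg["Subject"] = "New follower"
    msg.set_content(f"{display_name} started following you.")
    msg.add_alternative(
        f"<p><b>{display_name}</b> started following you.</p>", subtype="html"
    )
    return msg

def build_notification_fixed(display_name: str, to_addr: str) -> EmailMessage:
    # Escape for the HTML context at the point of use; the text/plain part has
    # no markup context and is left as-is.
    safe_name = html.escape(display_name, quote=True)
    msg = EmailMessage()
    msg["To"] = to_addr
    msg["Subject"] = "New follower"
    msg.set_content(f"{display_name} started following you.")
    msg.add_alternative(
        f"<p><b>{safe_name}</b> started following you.</p>", subtype="html"
    )
    return msg

def html_part(msg: EmailMessage) -> str:
    # Return the decoded text/html body of a multipart/alternative message.
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            return part.get_content()
    return ""

def has_live_markup(body: str) -> bool:
    # Crude sink check used by the assertions: is there an unescaped iframe tag?
    return "<iframe" in body.lower()
```

The general rule the example illustrates: stored data is neither safe nor unsafe on its own; each output context (HTML page, HTML email, attribute, JavaScript string) needs its own escaping at the point of use, and a new sink added later (email, PDF export, push notification) has to be reviewed as a new output context.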
API accepted ?_method=DELETE without auth. Method override as an open door. How would you neutralize unsafe overrides while preserving necessary clients? #BugBountyTips #HTTP #LogicFlaws
Exposing Logic Flaws: The Ultimate Online Debate Breakdown #DebateAnalysis #LogicFlaws #OnlineArguments #CognitiveDissonance #YouTubeDebate #ArgumentEvaluation #DigitalDiscussion #OnlineBehavior #ContentAnalysis #CriticalThinking #agirlhazznoname #thepeoplesreceipts
Scenario: Admin panel hides buttons via frontend JS. Backend checks for role=admin, but only on POST requests. Some GET endpoints skip the role check. How can a logical attack chain bypass the intended control? #BugBountyTips #LogicFlaws #InfoSec #Hacking
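One answer to both the method-override question above (?_method=DELETE accepted without auth) and this GET/POST role-check scenario, as an added example (not the posts' authors' code): a tiny in-memory dispatcher showing the vulnerable pattern (override read from the query string on any request, role check only on POST) next to a fixed one where the override is only honored for a known set of methods on an authenticated POST, via a header or form field, and the role check runs for the effective method on every request. The Request class, routes and roles are constructed for the demo, not a real framework.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed in-memory request object for the example; not a real framework.
class Request:
    def __init__(self, method, url, user=None, headers=None, form=None):
        self.method = method.upper()
        self.user = user                      # {"name": ..., "role": ...} or None
        self.headers = {k.lower(): v for k, v in (headers or {}).items()}
        self.form = form or {}                # POST body fields
        parts = urlsplit(url)
        self.route = parts.path
        self.query = parse_qs(parts.query)

# Role required to touch each route, for every HTTP method (constructed routes).
ROUTES = {"/admin/users": "admin", "/profile": "user"}
ROLE_RANK = {"user": 1, "admin": 2}
ALLOWED_OVERRIDES = {"PUT", "PATCH", "DELETE"}

def role_satisfies(have: str, need: str) -> bool:
    return ROLE_RANK.get(have, 0) >= ROLE_RANK[need]

def effective_method_vulnerable(req: Request) -> str:
    # Honors ?_method= from the query string on any request, before any auth.
    return req.query.get("_method", [req.method])[0].upper()

def effective_method_fixed(req: Request) -> str:
    # An override may only tunnel a known unsafe method through POST, and only
    # via a header or form field (never the query string), so plain links and
    # prefetchers cannot trigger it and it stays subject to the POST's auth.
    if req.method != "POST":
        return req.method
    override = req.headers.get("x-http-method-override") or req.form.get("_method")
    if override is None:
        return req.method
    override = override.upper()
    if override not in ALLOWED_OVERRIDES:
        raise ValueError(f"override to {override} not permitted")
    return override

def handle(method: str, route: str) -> int:
    # Stand-in for the real handler; would act on (method, route).
    return 200

def dispatch_vulnerable(req: Request) -> int:
    required = ROUTES.get(req.route)
    if required is None:
        return 404
    method = effective_method_vulnerable(req)
    # Bug: the role check runs only for POST, so GET requests (and query-string
    # overrides riding on GET) reach the handler unchecked.
    if req.method == "POST" and (
        req.user is None or not role_satisfies(req.user["role"], required)
    ):
        return 403
    return handle(method, req.route)

def dispatch_fixed(req: Request) -> int:
    required = ROUTES.get(req.route)
    if required is None:
        return 404
    try:
        method = effective_method_fixed(req)
    except ValueError:
        return 400
    if req.user is None:
        return 401
    # Authorization is decided server-side, for the effective method, on every
    # request; hidden buttons in the frontend are not part of the control.
    if not role_satisfies(req.user["role"], required):
        return 403
    return handle(method, req.route)
```

Keeping the override out of the query string also closes the CSRF-by-link variant (an <img> or prefetch of /admin/users?_method=DELETE), and tying the authorization decision to the route rather than to the method means a new GET endpoint cannot forget the check.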
Webhooks: Payment provider signs requests, but app validates only the transaction ID. Imagine forging a webhook with a valid ID but no signature — balance credited. How would you design the validation to prevent this? #BugBountyTips #Webhooks #LogicFlaws
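A validation design for the webhook case, as an added example (not the post author's code): the vulnerable handler credits any request whose transaction ID exists, the fixed one verifies an HMAC over the timestamp and the exact raw body with a constant-time compare, rejects stale timestamps, records event IDs for idempotency, and only then touches the ledger. The secret, the "t=<ts>,v1=<hex>" header format, the event shape and the ledger are constructed assumptions modelled on common providers, not any specific provider's API.

```python
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed secret and signature scheme for the example; the real secret comes
# from the provider and lives in a secret store. The scheme ("t=<unix ts>,v1=<hex hmac>"
# over "<ts>.<raw body>") is an assumption modelled on common providers' headers.
WEBHOOK_SECRET = b"whsec_constructed_example_secret"
TOLERANCE_SECONDS = 300

# Constructed sample event body as the provider would POST it (raw bytes matter).
SAMPLE_BODY = json.dumps(
    {"id": "evt_1", "transaction_id": "tx_1001", "amount": 2500}
).encode()

def new_ledger() -> dict:
    # Constructed pending transactions keyed by the IDs the provider echoes back.
    return {"tx_1001": {"amount": 2500, "status": "pending"}}

def _mac(body: bytes, timestamp: int, secret: bytes = WEBHOOK_SECRET) -> str:
    return hmac.new(secret, f"{timestamp}.".encode() + body, hashlib.sha256).hexdigest()

def sign(body: bytes, timestamp: int, secret: bytes = WEBHOOK_SECRET) -> str:
    # What the provider would put in the signature header.
    return f"t={timestamp},v1={_mac(body, timestamp, secret)}"

def handle_vulnerable(body: bytes, headers: dict, ledger: dict) -> str:
    # Only checks that the transaction ID exists; IDs are guessable or visible in
    # the checkout flow, so anyone who can POST gets the balance credited.
    event = json.loads(body)
    tx = ledger.get(event["transaction_id"])
    if tx is None:
        return "unknown transaction"
    tx["status"] = "paid"
    return "credited"

def parse_signature(header: str) -> Tuple[int, str]:
    parts = dict(item.split("=", 1) for item in header.split(","))
    return int(parts["t"]), parts["v1"]

def handle_fixed(body: bytes, headers: dict, ledger: dict, seen: set,
                 now: Optional[int] = None) -> str:
    now = int(time.time()) if now is None else now
    header = headers.get("X-Signature")
    if not header:
        return "rejected: missing signature"
    try:
        ts, provided = parse_signature(header)
    except (ValueError, KeyError):
        return "rejected: malformed signature"
    if abs(now - ts) > TOLERANCE_SECONDS:
        return "rejected: stale timestamp"
    # Constant-time compare over the exact raw bytes received, never over
    # re-serialised JSON (re-serialisation changes whitespace and key order).
    if not hmac.compare_digest(_mac(body, ts), provided):
        return "rejected: bad signature"
    event = json.loads(body)          # parse only after authentication
    if event["id"] in seen:
        return "duplicate ignored"    # replay of a genuine event within the window
    tx = ledger.get(event["transaction_id"])
    if tx is None:
        return "unknown transaction"
    # Cross-check the claim against what we expected to be paid.
    if tx["amount"] != event["amount"] or tx["status"] != "pending":
        return "rejected: transaction mismatch"
    tx["status"] = "paid"
    seen.add(event["id"])
    return "credited"
```

In a real deployment the `seen` set is a table with a unique index on the event ID so that concurrent deliveries of the same event cannot both credit, and the amount/currency cross-check is what stops a legitimately signed event for a 1 EUR transaction from being replayed against a different order.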
So many #logicflaws here: Assault weapons banned in Canada in 1977. The ban only impacts legal firearms in the hands of licensed owners, not "illegal assault weapons", which are already illegal - you can't ban illegal things, and they won't be confiscated.
John Rustad just said he won’t enforce laws banning illegal assault weapons - putting our communities at risk of gun violence and allowing gangs to keep fueling the drug crisis #bcpoli
@CoinOperatedJay Y'know, I didn't ask, but she has a cat, so I think that's pretty close to the same thing. #LogicFlaws
RT @Coldsun3000 There r 4 kings in a deck of cards, only 1 Joker #logicflaws RT @kareemtaylor: RT @necolebitchie: MEN r like a deck of cards
@M0j0M0M0 What? What if all they want is friendship...? #logicflaws
WebRTC: Datachannel allowed for unauthenticated peers during negotiation fallback. How might an attacker escalate from a fallback peer to a privileged broadcast? #BugBountyTips #WebRTC #LogicFlaws
DNS rebinding: App trusts 127.0.0.1 but allows DNS hostnames. DNS rebind → attacker’s domain resolves to localhost. Access internal admin panels. #BugBountyTips #DNS #LogicFlaws
SSRF via image upload: Server fetches image URLs to resize. Attacker supplies http://internal-api/admin. Blind SSRF → internal admin access. #BugBountyTips #SSRF #LogicFlaws
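An added example (not the posts' authors' code) covering both the SSRF fetcher above and the DNS-rebinding post before it: a string blocklist on the hostname is bypassed by any name that resolves to loopback or 10.x and by address literals such as ::ffff:127.0.0.1; the fixed validator resolves the name, requires every answer to be a public address, and returns a pinned IP that the caller must connect to (sending the original Host header) so a short-TTL rebind between check and connect cannot redirect the fetch. A Host-header check for the local service itself is included as the complementary defence against the browser-side rebinding case. The DNS table and hostnames are constructed so the example runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Host header values a service bound to loopback should accept (constructed list).
LOCAL_HOSTS = {"localhost", "127.0.0.1", "[::1]"}

# Constructed DNS answers so the example runs offline; use socket.getaddrinfo for real.
FAKE_DNS = {
    "cdn.example": ["93.184.216.34"],
    "attacker.example": ["127.0.0.1"],              # rebound to loopback
    "flip.example": ["93.184.216.34", "10.0.0.5"],  # public + private round-robin
    "internal-api": ["10.0.0.7"],
}
def fake_resolver(host, port=None, *args):
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, 0)) for ip in FAKE_DNS.get(host, [])]

def is_public(ip) -> bool:
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so it cannot dodge the v4 checks,
    # then rely on is_global: False for loopback, RFC 1918, link-local
    # (169.254.169.254 metadata), CGNAT, multicast and unspecified addresses.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global

def resolve_all(host: str, resolver=socket.getaddrinfo) -> list:
    infos = resolver(host, None)
    return list(dict.fromkeys(ipaddress.ip_address(info[4][0]) for info in infos))

def validate_vulnerable(url: str) -> bool:
    # String blocklist on the hostname: bypassed by any name that resolves to
    # 127.0.0.1 or 10.x, and by literals like 127.1 or ::ffff:127.0.0.1.
    host = urlsplit(url).hostname or ""
    return host not in {"127.0.0.1", "localhost"}

def validate_fetch_target(url: str, resolver=socket.getaddrinfo) -> tuple:
    """Return (scheme, host, pinned_ip, port) for a URL that is safe to fetch,
    else raise ValueError. The caller must connect to pinned_ip and send
    Host: host; re-resolving the name at connect time re-opens the
    check-then-use gap that DNS rebinding exploits."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError("scheme not allowed")
    if parts.username or parts.password:
        raise ValueError("credentials in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        ips = [ipaddress.ip_address(host)]       # literal address, v4 or v6
    except ValueError:
        ips = resolve_all(host, resolver)
    if not ips:
        raise ValueError(f"{host} did not resolve")
    # Every answer must be public: a name that returns one public and one
    # private address is the round-robin / rebinding trick.
    for ip in ips:
        if not is_public(ip):
            raise ValueError(f"{host} resolves to non-public address {ip}")
    return parts.scheme, host, str(ips[0]), port

def host_header_allowed(host_header: str) -> bool:
    # Defence for the local service itself: a browser reaching it through a
    # rebound attacker.example sends Host: attacker.example, which fails here.
    if host_header.startswith("["):
        host = host_header.split("]")[0] + "]"
    else:
        host = host_header.split(":", 1)[0]
    return host in LOCAL_HOSTS
```

Two caveats belong with this check: redirects must be disabled in the HTTP client and each Location re-validated through the same function (a public host can 302 to http://169.254.169.254/), and pinning the IP means TLS verification has to be done against the original hostname, which most clients support only via an explicit connection-level option.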
JWT kid header puzzle: Server fetches public key from URL in kid. Logic flaw → attacker hosts malicious key file. Result: forge valid tokens, become admin. #BugBountyTips #JWT #LogicFlaws #BugBounty
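The kid flaw in runnable form, as an added example (not the post author's code). To stay on the standard library it uses HS256 with a shared secret instead of an RSA public key, and the "fetch the key from the URL in kid" step is a constructed dictionary standing in for an HTTP GET; the flaw is the same in the RS256/JWKS version: the token names where the verifier gets its own verification key. The fixed resolver treats kid as an opaque label looked up in a local allowlist, and the verifier also refuses to let the token choose the algorithm. Key store contents, key IDs and URLs are all constructed.

```python
import base64
import hashlib
import hmac
import json
import re

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_jwt(claims: dict, key: bytes, kid: str) -> str:
    # Minimal HS256 signer (standard library only); kid goes in the header.
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact(header)}.{compact(claims)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

# Constructed server key store: kid is an opaque label, nothing more.
SERVER_KEYS = {"k-2024-03": b"constructed-server-secret-for-demo"}

# Constructed stand-in for "GET the key from the URL named in kid". A real
# implementation would make an HTTP request here, which is the whole problem:
# the token tells the verifier where to fetch the key that verifies the token.
HOSTED_KEYS = {
    "https://keys.example.com/k-2024-03": SERVER_KEYS["k-2024-03"],
    "https://attacker.example/key": b"attacker-chosen-key",
}
def fake_fetch(url: str) -> bytes:
    return HOSTED_KEYS[url]

def key_for_kid_vulnerable(kid):
    try:
        return fake_fetch(kid)
    except KeyError:
        return None

KID_PATTERN = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
def key_for_kid_fixed(kid):
    # kid must look like a label and must exist in the local allowlist; it is
    # never a path, URL or query fragment that selects key material.
    if not isinstance(kid, str) or not KID_PATTERN.match(kid):
        return None
    return SERVER_KEYS.get(kid)

def verify(token: str, key_for_kid):
    """Return the claims if the token verifies under key_for_kid(kid), else None."""
    try:
        h, c, s = token.split(".")
        header = json.loads(_b64url_decode(h))
    except ValueError:                   # covers bad base64, bad JSON, wrong part count
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None                      # the token never chooses the algorithm
    key = key_for_kid(header.get("kid"))
    if key is None:
        return None
    expected = hmac.new(key, f"{h}.{c}".encode(), hashlib.sha256).digest()
    try:
        provided = _b64url_decode(s)
    except ValueError:
        return None
    if not hmac.compare_digest(expected, provided):
        return None
    return json.loads(_b64url_decode(c))
```

The same allowlist discipline applies to a JWKS deployment: the set of permitted JWKS URLs is fixed in server configuration and kid selects a key within one of them; the token header is untrusted input and must never contribute a URL, a file path (a kid of /dev/null yielding an empty HMAC key is the classic variant) or an SQL fragment to key lookup.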
So many #logicflaws here: Assault weapons banned in Canada in 1977. The ban only impacts legal firearms in the hands of licensed owners, not "illegal assault weapons", which are already illegal - you can't ban illegal things, and they won't be confiscated. #FalseAssociations
I am NOT a healthcare worker. And the false equivalency is obvious. I'll maybe let a nurse or Dr. Field that one though. Rinse and repeat on the money... It is not a cure, but it is acknowledgement rather than a FU. The combination is driving additional attrition. #logicflaws