#logicflaws search results
Soft-delete abuse: delete marks deleted=true but reads ignore flag on certain reporting endpoints. Toggle deleted flag via chained calls to resurrect data or bypass constraints. #BugBountyTips #LogicFlaws #DataIntegrity
Logic Flaws: 🔍 Logic flaws happen when smart contracts are poorly designed, leading to unexpected behavior. ⚡️ Attackers exploit these vulnerabilities to manipulate execution and steal funds. #LogicFlaws #SmartContractSecurity
Diagnosing #python #logicflaws is extremely hard; not for @RSnake (Robert Hansen) CTO of @BitDiscovery - he's found a new class of them. Join us next week Wed 2/23 Noon PST to hear his talk during @owasp LA Chapter monthly virtual meeting. RSVP now at meetup.com/OWASP-Los-Ange…
So... just following your premise... you shouldn’t be treating women. #logicflaws
API accepted ?_method=DELETE without auth. Method override as an open door. How would you neutralize unsafe overrides while preserving necessary clients? #BugBountyTips #HTTP #LogicFlaws
XSS chain: User uploads profile name with <iframe src=...>. Normally harmless. But in email notifications, HTML is rendered without escaping. Logic bug + XSS = inbox takeover. #BugBountyTips #XSS #LogicFlaws #CyberSecurity
So many #logicflaws here: Assault weapons banned in Canada in 1977. The ban only impacts legal firearms in the hands of licensed owners, not "illegal assault weapons", which are already illegal - you can't ban illegal things, and they won't be confiscated.
John Rustad just said he won’t enforce laws banning illegal assault weapons - putting our communities at risk of gun violence and allowing gangs to keep fueling the drug crisis #bcpoli
Scenario: Admin panel hides buttons via frontend JS. Backend checks for role=admin, but only on POST requests. Some GET endpoints skip the role check. How can a logical attack chain bypass the intended control? #BugBountyTips #LogicFlaws #InfoSec #Hacking
Progressive enhancement: feature present only when JS enabled. Server assumes JS did checks client-side and skips validation. Where do server-side blindspots open when progressive checks are assumed? #BugBountyTips #LogicFlaws #WebDev
@Copperpot5 how long did Obama blame everything on W? #logicflaws #shortmemory
Webhooks: Payment provider signs requests, but app validates only the transaction ID. Imagine forging a webhook with a valid ID but no signature — balance credited. How would you design the validation to prevent this? #BugBountyTips #Webhooks #LogicFlaws
Missed @RSnake Robert Hansen's talk on diagnosing #python #logicflaws and variety of ways it's a #NaN issue? Recording is on @owasp Los Angeles Chapter's YouTube youtu.be/UFoZ-zoqzsQ
@M0j0M0M0 What? What if all they want is friendship...? #logicflaws
JWT kid header puzzle: Server fetches public key from URL in kid. Logic flaw → attacker hosts malicious key file. Result: forge valid tokens, become admin. #BugBountyTips #JWT #LogicFlaws #BugBounty
Exposing Logic Flaws: The Ultimate Online Debate Breakdown #DebateAnalysis #LogicFlaws #OnlineArguments #CognitiveDissonance #YouTubeDebate #ArgumentEvaluation #DigitalDiscussion #OnlineBehavior #ContentAnalysis #CriticalThinking #agirlhazznoname #thepeoplesreceipts
@CoinOperatedJay Y'know, I didn't ask, but she has a cat, so I think that's pretty close to the same thing. #LogicFlaws
When my mom and dad lecture me I just laugh because 90% of the time they don't make sense. #LogicFlaws 😂
WebRTC: Datachannel allowed for unauthenticated peers during negotiation fallback. How might an attacker escalate from a fallback peer to a privileged broadcast? #BugBountyTips #WebRTC #LogicFlaws
DNS rebinding: App trusts 127.0.0.1 but allows DNS hostnames. DNS rebind → attacker’s domain resolves to localhost. Access internal admin panels. #BugBountyTips #DNS #LogicFlaws
SSRF via image upload: Server fetches image URLs to resize. Attacker supplies http://internal-api/admin. Blind SSRF → internal admin access. #BugBountyTips #SSRF #LogicFlaws
So many #logicflaws here: Assault weapons banned in Canada in 1977. The ban only impacts legal firearms in the hands of licensed owners, not "illegal assault weapons", which are already illegal - you can't ban illegal things, and they won't be confiscated. #FalseAssociations
I am NOT a healthcare worker. And the false equivalency is obvious. I'll maybe let a nurse or Dr. field that one though. Rinse and repeat on the money... It is not a cure, but it is acknowledgement rather than a FU. The combination is driving additional attrition. #logicflaws