business-logic-vuln

Entry P1 category router for business logic testing. Use when workflow abuse, race conditions, pricing flaws, or multi-step state attacks matter more than parser-level input injection.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "business-logic-vuln" with this command: npx skills add yaklang/hack-skills/yaklang-hack-skills-business-logic-vuln

Business Logic Router

This is the routing entry point for business-logic and state-machine issues.

When to Use

  • The target involves coupons, inventory, payment, approvals, quotas, invites, trials, or state transitions
  • The issue is not parser-level; it is about when checks happen and which business conditions are checked
  • You suspect race conditions, workflow bypass, price tampering, negative values, stacked discounts, or multi-step flaws

Skill Map

Recommended Flow

  1. First map key business states and one-time actions
  2. Then check for check-then-act windows, sequence dependencies, or missing cross-step authorization
  3. If the chain depends on APIs, uploads, or object permissions, return to the corresponding router skill to complete the path

Related Categories

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

hack

No summary provided by upstream source.

Repository SourceNeeds Review
233-yaklang
General

api-sec

No summary provided by upstream source.

Repository SourceNeeds Review
227-yaklang
General

api-auth-and-jwt-abuse

No summary provided by upstream source.

Repository SourceNeeds Review
224-yaklang
General

xss-cross-site-scripting

No summary provided by upstream source.

Repository SourceNeeds Review
223-yaklang