Logic Flaws basically.

a class of issues where the application's core functions are used in unintended ways. instead of conventional way of breaking things or directly exploiting technical weaknesses, logic vulnerabilities are about twisting the application's rules against itself.

failing to anticipate unusual application states that may occur and, consequently, failing to handle them safely

common in overly complicated systems

• Lab - Excessive trust in client-side controls
• Lab - High-level logic vulnerability
• Lab - Low-level logic flaw
• Lab - Inconsistent handling of exceptional input
• Lab - Inconsistent security controls
• Lab - Weak isolation on dual-use endpoint
• Sequence follow
• Lab - Insufficient workflow validation
• Lab - Authentication bypass via flawed state machine
• Lab - Flawed enforcement of business rules
• Lab - Infinite money logic flaw

Providing an encryption oracle

Its when an application provides a service that encrypts user-controlled input and returns the resulting ciphertext to the user. Its a vulnerability when ciphertext can be used elsewhere in the application, especially if other parts of the application expect input encrypted with the same algorithm and key.

• Lab: Authentication bypass via encryption oracle

Email address parser discrepancies

inconsistent handling of email addresses in different parts of an application. Attackers can use encoding and formatting tricks to bypass validation checks, leading to unauthorized access or privilege escalation.

• Lab: Bypassing access controls using email address parsing discrepancies