Tag: business-logic

All the articles with the tag "business-logic".

• Race Condition: abusing a single-use coupon with concurrent requests

  kOaDT

  27 Mar, 2026

  OopsSec Store validates a coupon and increments its counter in two separate database calls. Send enough concurrent requests and several slip through the check before any of them completes the increment.

• Client-Side Price Manipulation

  kOaDT

  16 Jan, 2026

  Exploiting a server-side validation failure in OopsSec Store's checkout process to purchase products at arbitrary prices.