Jai Shri Ram 🚩 Hackers,
In this writeup, I’m sharing one of the most overlooked and dangerous logic flaws I’ve encountered on a real-world car marketplace.
While testing a car marketplace platform, I discovered a business logic flaw that allowed me to manipulate subscriber counts endlessly — all without any hacking tools or advanced exploits.
On platforms where credibility = trust = sales, inflating followers could lead to financial scams, phishing attacks, and massive trust violations.
A business logic flaw happens when an application works as intended — but the intent itself is flawed.
In this case, the app allowed users to subscribe to (follow) other users — but when the subscribing user deleted their account, the server never removed that subscriber (follower) record from the followed profile.
- Create two accounts in two different browsers:
  i) Account A (main profile): Brave Browser
  ii) Account B (exploiting profile): Chrome Browser
- Log in as Account B and subscribe to Account A.
- Delete Account B.
Normally, this should reduce the follower…
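To make the flaw and its fix concrete, here is an added example that models the account-deletion logic described above; it is not the marketplace's code, and the two-table schema, the table and column names, and the constructed accounts A and B are all assumptions. The vulnerable path deletes only the `users` row, so the subscription row that B created survives and keeps inflating A's displayed count on every repeat of the create/subscribe/delete cycle; the hardened path removes the account and its subscriptions in one transaction, and the audit query finds any dangling rows an existing deployment has already accumulated.

```python
import sqlite3

# Hypothetical marketplace schema (an assumption, not the real platform's).
# The CASCADE rule is declared, but SQLite only enforces foreign keys when
# PRAGMA foreign_keys is ON, which models a deployment that trusts a rule
# the database is not actually applying.
SCHEMA = """
CREATE TABLE users (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL
);
CREATE TABLE subscriptions (
    subscriber_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
    target_id     INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
    PRIMARY KEY (subscriber_id, target_id)
);
"""

ACCOUNT_A = 1  # main profile (constructed sample data)
ACCOUNT_B = 2  # throwaway profile that subscribes to A (constructed)


def fresh_db(enforce_fk: bool = False) -> sqlite3.Connection:
    """In-memory DB seeded with A and B, where B already follows A."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = " + ("ON" if enforce_fk else "OFF"))
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(ACCOUNT_A, "A"), (ACCOUNT_B, "B")])
    conn.execute("INSERT INTO subscriptions VALUES (?, ?)", (ACCOUNT_B, ACCOUNT_A))
    conn.commit()
    return conn


def delete_account_vulnerable(conn: sqlite3.Connection, user_id: int) -> None:
    """The flawed behaviour: only the users row goes away; the subscriptions
    rows that reference the deleted account are left behind."""
    conn.execute("DELETE FROM users WHERE id = ?", (user_id,))
    conn.commit()


def delete_account_fixed(conn: sqlite3.Connection, user_id: int) -> None:
    """Remove the account and every subscription it took part in, in one
    transaction, without relying on the database to enforce the cascade."""
    with conn:
        conn.execute(
            "DELETE FROM subscriptions WHERE subscriber_id = ? OR target_id = ?",
            (user_id, user_id),
        )
        conn.execute("DELETE FROM users WHERE id = ?", (user_id,))


def follower_count_raw(conn: sqlite3.Connection, user_id: int) -> int:
    """What a naive profile page shows: every row pointing at the profile."""
    row = conn.execute(
        "SELECT COUNT(*) FROM subscriptions WHERE target_id = ?", (user_id,)
    ).fetchone()
    return row[0]


def follower_count_live(conn: sqlite3.Connection, user_id: int) -> int:
    """Defensive count: only subscribers whose account still exists."""
    row = conn.execute(
        "SELECT COUNT(*) FROM subscriptions s JOIN users u ON u.id = s.subscriber_id "
        "WHERE s.target_id = ?",
        (user_id,),
    ).fetchone()
    return row[0]


def orphaned_subscriptions(conn: sqlite3.Connection) -> list:
    """Audit query: subscription rows whose subscriber or target is gone."""
    return conn.execute(
        "SELECT subscriber_id, target_id FROM subscriptions s "
        "WHERE NOT EXISTS (SELECT 1 FROM users WHERE id = s.subscriber_id) "
        "   OR NOT EXISTS (SELECT 1 FROM users WHERE id = s.target_id)"
    ).fetchall()


def run_scenario(fixed: bool, extra_rounds: int = 0) -> dict:
    """Delete B, then repeat the create/subscribe/delete cycle extra_rounds
    times with fresh throwaway accounts, and report what A's profile shows."""
    conn = fresh_db(enforce_fk=False)
    delete = delete_account_fixed if fixed else delete_account_vulnerable
    before = follower_count_raw(conn, ACCOUNT_A)
    delete(conn, ACCOUNT_B)
    for i in range(extra_rounds):
        throwaway = 100 + i  # constructed ids for the throwaway accounts
        conn.execute("INSERT INTO users VALUES (?, ?)", (throwaway, "tmp"))
        conn.execute("INSERT INTO subscriptions VALUES (?, ?)", (throwaway, ACCOUNT_A))
        conn.commit()
        delete(conn, throwaway)
    return {
        "before": before,
        "after_raw": follower_count_raw(conn, ACCOUNT_A),
        "after_live": follower_count_live(conn, ACCOUNT_A),
        "orphans": len(orphaned_subscriptions(conn)),
    }


if __name__ == "__main__":
    print("vulnerable:", run_scenario(fixed=False, extra_rounds=5))
    print("fixed:     ", run_scenario(fixed=True, extra_rounds=5))
```

Two things follow from the example. First, the displayed count should never be derived from rows that can outlive their owner; joining against `users` (or deleting in the same transaction) keeps the number honest even if a cascade rule is misconfigured. Second, the `orphaned_subscriptions` audit is the check to run on an existing database after fixing the deletion path, since the fix alone does not repair counts that were inflated before it shipped.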