
A Race Condition Vuln?  Go to the Stop us challenge

A Race Condition Vuln?
I thought it's a race condition vuln, because the reduceMoney function will be called 6 seconds after the purchaseDomain function call.

But if I want to take advantage of this vuln, I need to make two requests arrive at the noother_timeout function simultaneously. After trying many times, I think it is very difficult to do that.

So, I was just not lucky enough?


--------------------------------------


Ok, Got it
Last edited by sunrain - Jul 19, 2016 - 04:48:56
RE: A Race Condition Vuln?
Any hint on how you got it? I tried sending requests at the same time (with Burp Intruder and with a Python script using threads), but no luck.

Am I missing something?
RE: A Race Condition Vuln?
In fact, I'm not sure if this idea is feasible. But there is another way to solve it.

Hint: read the code carefully :)