A Race Condition Vuln?  Go to the Stop us challenge

I thought it's a race condition vuln, because the reduceMoney function is called 6 seconds after the purchaseDomain function call.

But if I want to take advantage of this vuln, I need to make two requests arrive at the noother_timeout function simultaneously. After trying many times, I think this is very difficult to do.

So, was I just not lucky enough?


--------------------------------------


Ok, Got it
Last edited by sunrain - Jul 19, 2016 - 04:48:56
RE: A Race Condition Vuln?
Any hint on how you got it? I tried sending requests at the same time (with Burp Intruder and with a Python script using threads), but no luck.

Am I missing something?
RE: A Race Condition Vuln?
In fact, I'm not sure if this idea is feasible. But there is another way to solve it.

hint: read the code carefully :)