Username: 
Password: 
Restrict session to IP 

A Race Condition Vuln?  Go to the Stop us challenge

Global Rank: 2977
Totalscore: 7025
Posts: 3
Thanks: 3
UpVotes: 2
Registered: 7y 240d
Last Seen: 5y 37d
The User is Offline
A Race Condition Vuln?
Google/translate1Thank You!1Good Post!0Bad Post! link
I thought it's a race condition vuln, because reduceMoney function will be called after the function call purchaseDomain 6 seconds.

But if I want to take advantage of this vuln , I need to make two requests arrive noother_timeout function simultaneously, after try many times , I think this is very difficult to do that.

So, I was just not lucky enough ?


--------------------------------------


Ok, Got it
Last edited by sunrain - Jul 19, 2016 - 04:48:56
Global Rank: 1303
Totalscore: 19965
Posts: 5
Thanks: 3
UpVotes: 3
Registered: 7y 234d
Last Seen: 6y 253d
The User is Offline
RE: A Race Condition Vuln?
Google/translate1Thank You!1Good Post!0Bad Post! link
Any hint on how did you get it? I tried sending requests at the same time (with Burp intruder and with a python script using threads), but no luck.

Am I missing something?
Global Rank: 2977
Totalscore: 7025
Posts: 3
Thanks: 3
UpVotes: 2
Registered: 7y 240d
Last Seen: 5y 37d
The User is Offline
RE: A Race Condition Vuln?
Google/translate1Thank You!1Good Post!0Bad Post! link
In fact, I'm not sure if this idea is feasible. But there is another way to solve it.

hint: read the code carefully Smile
Redknee, tunelko, silenttrack, n0tHappy, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 5592 times.