A Race Condition Vuln? (Stop us challenge)

A Race Condition Vuln?
I thought it's a race condition vuln, because the reduceMoney function is called 6 seconds after the purchaseDomain call.

But if I want to take advantage of this vuln, I need to make two requests arrive at the noother_timeout function simultaneously. After trying many times, I think it is very difficult to do that.

So, I was just not lucky enough?


--------------------------------------


Ok, Got it
Last edited by sunrain - Jul 19, 2016 - 04:48:56
RE: A Race Condition Vuln?
Any hint on how you got it? I tried sending requests at the same time (with Burp Intruder and with a Python script using threads), but no luck.

Am I missing something?
RE: A Race Condition Vuln?
In fact, I'm not sure if this idea is feasible. But there is another way to solve it.

Hint: read the code carefully :)