I thought it's a race condition vuln, because reduceMoney function will be called after the function call purchaseDomain 6 seconds.

But if I want to take advantage of this vuln , I need to make two requests arrive noother_timeout function simultaneously, after try many times , I think this is very difficult to do that.

So, I was just not lucky enough ?

--------------------------------------

Ok, Got it

Last edited by sunrain - Jul 19, 2016 - 04:48:56

Gman_H4ck3r

Global Rank: 1323

Totalscore: 19990

Posts: 5

Thanks: 3

UpVotes: 3

Registered: 8y 121d

Last Seen: 7y 139d

The User is Offline

RE: A Race Condition Vuln?
Jul 19, 2016 - 14:28:23 (8y 115d) Google/translate1Thank You!1Good Post!0Bad Post! link

Any hint on how did you get it? I tried sending requests at the same time (with Burp intruder and with a python script using threads), but no luck.

Am I missing something?

sunrain

Global Rank: 3042

Totalscore: 7013

Posts: 3

Thanks: 3

UpVotes: 2

Registered: 8y 126d

Last Seen: 5y 288d

The User is Offline

RE: A Race Condition Vuln?
Jul 20, 2016 - 17:14:21 (8y 114d) Google/translate1Thank You!1Good Post!0Bad Post! link

In fact, I'm not sure if this idea is feasible. But there is another way to solve it.

hint: read the code carefully Smile

Redknee, tunelko, silenttrack, n0tHappy, nonfungiblesecurity, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 6050 times.