LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

WannaRace - WebApp Intentionally Made Vulnerable To Race Condition For Practicing Race Condition

2 years ago 137
BOOK THIS SPACE FOR AD
ARTICLE AD

WebApp intentionally made vulnerable to Race Condition

Description

Race Condition vulnerability can be practiced in the developed WebApp. Task is to buy a Mega Box using race condition that costs more than available vouchers. Two challenges are made for practice. Challenge B is to be solved when PHPSESSID cookie is present, cookie is auto created when user is logged in. Happy learning

Building and running the docker image

Build the docker image with:

git clone https://github.com/Xib3rR4dAr/WannaRace && cd WannaRace
docker build -t xib3rr4dar/wanna_race:1.0 .

Run docker image:

docker run -it --rm xib3rr4dar/wanna_race:1.0

OR

docker run -it --rm -p 9050:80 xib3rr4dar/wanna_race:1.0

Then open in browser relevant IP:PORT

Challenge #1

Main Page

Four vouchers worth 400 units available for recharge

Task is to buy Mega box (which is worth 401 units) by exploiting race condition

Challenge #2

Same as Challenge #1 but requires login so that PHPSESSID and appropriate cookies are set


WannaRace - WebApp Intentionally Made Vulnerable To Race Condition For Practicing Race Condition WannaRace - WebApp Intentionally Made Vulnerable To Race Condition For Practicing Race Condition Reviewed by Zion3R on 8:30 AM Rating: 5

Read Entire Article
  3. WannaRace - WebApp Intentionally Made Vulnerable To Race Condition For Practicing Race Condition

Related

HackerInfo - Infromations Web Application Security

HackerInfo - Infromations Web Application Security

CloudGrappler - A purpose-built tool designed for effortless querying of high-fidelity and single-event detections related to well-known threat actors in popular cloud environments such as AWS and Azure

CloudGrappler - A purpose-built tool designed for effortless querying of high-fidelity and single-event detections related to well-known threat actors in popular cloud environments such as AWS and Azure

VolWeb - A Centralized And Enhanced Memory Analysis Platform

VolWeb - A Centralized And Enhanced Memory Analysis Platform

Radamsa - A General-Purpose Fuzzer

Radamsa - A General-Purpose Fuzzer

DNS-Tunnel-Keylogger - Keylogging Server And Client That Uses DNS Tunneling/Exfiltration To Transmit Keystrokes

DNS-Tunnel-Keylogger - Keylogging Server And Client That Uses DNS Tunneling/Exfiltration To Transmit Keystrokes

Shodan Dorks

Shodan Dorks

Trending

1. Adrian Newey
2. Rafael Nadal
3. Gukesh Chess
4. World Malaria Day
5. TikTok banned
6. Dead Boy Detectives
7. RCB बनाम SRH
8. RCB vs SRH
9. IBM HashiCorp acquisition
10. Kotak Bank share price

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved