WebApp intentionally made vulnerable to Race Condition
Race Condition vulnerability can be practiced in the developed WebApp. Task is to buy a Mega Box using race condition that costs more than available vouchers. Two challenges are made for practice. Challenge B is to be solved when PHPSESSID cookie is present, cookie is auto created when user is logged in. Happy learning
Building and running the docker image
Build the docker image with:
git clone https://github.com/Xib3rR4dAr/WannaRace && cd WannaRace
docker build -t xib3rr4dar/wanna_race:1.0 .
Run docker image:
docker run -it --rm xib3rr4dar/wanna_race:1.0
docker run -it --rm -p 9050:80 xib3rr4dar/wanna_race:1.0
Then open in browser relevant IP:PORT
Four vouchers worth 400 units available for recharge
Task is to buy Mega box (which is worth 401 units) by exploiting race condition
Same as Challenge #1 but requires login so that PHPSESSID and appropriate cookies are set
Source : KitPloit – PenTest Tools!