RACE Condition vulnerability found in bug-bounty program

I have recently identified a RACE condition vulnerability in a bug bounty program.

Description:

A race condition attack happens when a computing system that’s designed to handle tasks in a specific sequence is forced to perform two or more operations simultaneously. As a result, the application performs unintended actions, which exposes it to security exploitation.

Please check below links to get to know more about this bug:

Attack scenario:

Normally, the admin user is authorized to create ONLY 3 members in his/her team. However, I have successfully managed to create 4 team members using the RACE condition vulnerability.

Steps that I followed:

1. Click on the add team member request and capture the request using Burp Suite.

Captured add team member request using Burp

2. “E-mail and name” have been taken as the parameters and used for the race condition attack.

3. Next, we need to configure the Intruder options to simulate the RACE condition attack. First, we need to provide the parameter values as shown in the screenshot.

4. Now, we need to make changes to the number of threads for execution. It is highly crucial because it will speed up sending the requests to the server.

Intruder configuration to simulate the attack

5. Now click on “Start attack” in the Intruder option. Burp will initiate sending requests simultaneously to the server. As a result of this attack, I was successfully able to add 4 team members. Now, in total I have 4 team members in my team.

4 team members added to my team due to RACE condition attack
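
The check-then-act flaw behind this result, reproduced server-side as an added example (not code from the original post or from the affected program), next to a handler that closes the window. SQLite, the `members` table, the function names and the sample e-mail addresses are assumptions made for illustration; only the limit of 3 and the 4 simultaneous requests come from the post.

```python
import os, sqlite3, tempfile, threading

LIMIT = 3  # team-member cap from the post; everything else is constructed

def connect(path):
    # isolation_level=None: autocommit, transactions are opened explicitly
    return sqlite3.connect(path, timeout=10, isolation_level=None)

def add_member_racy(path, email, gate):
    """Check-then-act: the count is read first, the row is written later."""
    db = connect(path)
    count = db.execute("SELECT COUNT(*) FROM members").fetchone()[0]
    gate.wait()  # hold every request inside the check/write window
    if count < LIMIT:
        db.execute("INSERT INTO members(email) VALUES (?)", (email,))
    db.close()

def add_member_atomic(path, email, gate):
    """Count and insert inside one write transaction, so requests serialize."""
    db = connect(path)
    gate.wait()  # requests still arrive at the same instant
    db.execute("BEGIN IMMEDIATE")  # take the write lock before counting
    count = db.execute("SELECT COUNT(*) FROM members").fetchone()[0]
    if count < LIMIT:
        db.execute("INSERT INTO members(email) VALUES (?)", (email,))
    db.execute("COMMIT")
    db.close()

def run(handler, requests=4):
    """Fire `requests` simultaneous add-member calls; return rows stored."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        db = connect(path)
        db.execute("CREATE TABLE members(email TEXT)")
        db.close()
        gate = threading.Barrier(requests)
        threads = [threading.Thread(target=handler,
                                    args=(path, f"user{i}@example.test", gate))
                   for i in range(requests)]
        for t in threads:
            t.start()
        for t in threads:
            t.join()
        db = connect(path)
        total = db.execute("SELECT COUNT(*) FROM members").fetchone()[0]
        db.close()
        return total
    finally:
        os.remove(path)
```

Calling `run(add_member_racy)` stores 4 rows because every request passed the limit check before any of them wrote, while `run(add_member_atomic)` stops at 3. The barrier only makes the timing deterministic for the demonstration; in production the same window exists whenever the count and the insert are separate statements.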

If you like the blog, please share and like it.

Happy Hacking!!

If you like the content, please follow me on Medium and LinkedIn

LinkedIn: https://www.linkedin.com/in/pravin-r-p-oscp-28497712b/

OSCP/Security geek & researcher (Application/infrastructure/Mobile/cloud security)
