Race Conditions
What is a race condition?
A race condition occurs when many requests are sent in the same second, or more than one operation runs at the same time, so that the application processes requests concurrently without adequate safeguards.
Result of a race condition: a collision that causes unintended behavior in the application.
To send the requests from Repeater: right-click the number of the request and choose "Create group".
Then press Ctrl+R, choose any request in the group, and choose "Send group in parallel".
The aim of a race condition is to exceed some kind of limit imposed by the business logic of the application.
Sending two requests

Sending two requests with a race condition

We can find this vulnerability in:
Gift cards or promo codes, etc.
Changing an email address or anything similar
Rating a product multiple times, adding comments
Transferring cash in excess of your account balance
Reusing a single CAPTCHA solution
Bypassing an anti-brute-force rate limit
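The limit overrun described above, shown for the promo-code case next to a corrected handler. This is an added example, not code from the original page; PromoStore, redeem_unsafe, redeem_safe and the 0.2-second delay are hypothetical names and values constructed for illustration.

```python
import threading
import time

class PromoStore:
    """In-memory stand-in for the application's data store (constructed)."""

    def __init__(self):
        self.used = False              # has the one-time code been redeemed?
        self.lock = threading.Lock()

    def redeem_unsafe(self):
        # Check-then-act with no safeguard: the limit check and the update
        # are separate steps, so concurrent requests can all pass the check.
        if self.used:
            return False
        time.sleep(0.2)                # stands in for work between check and update
        self.used = True
        return True

    def redeem_safe(self):
        # Same logic, but check and update form one critical section.
        with self.lock:
            if self.used:
                return False
            time.sleep(0.2)
            self.used = True
            return True

def send_in_parallel(handler, n=2):
    """Release n calls to handler at the same moment; return their results."""
    barrier = threading.Barrier(n)
    results = []

    def worker():
        barrier.wait()                 # line the requests up, then start together
        results.append(handler())

    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results

def successful_redemptions(safe, n=2):
    store = PromoStore()
    handler = store.redeem_safe if safe else store.redeem_unsafe
    return sum(send_in_parallel(handler, n))

if __name__ == "__main__":
    print("unsafe:", successful_redemptions(safe=False))
    print("safe:  ", successful_redemptions(safe=True))
```

In a real application the same safeguard is usually enforced in the database, for example with a single atomic conditional update or a unique constraint, because an in-process lock does not cover multiple server processes.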