For practical exploitation of race condition issues, you can use OWASP TimeGap Theory. Read more about it here: timegaptheory.com/
Wow, thanks a lot for sharing my little project, Farah. This made my day 😍
I liked the way you included examples on what condition this is being exploited.
Clean and Elegant mam. Please keep up the pace!
This is very informative and simple for a beginner like me, Thank you Farah!
Hi, I love them, very well explained, and you clear up a lot of my doubts
The way of explanation is to the point..u can try this kind of explanation
Thanks for adding test cases
Appreciate it
Thank you Farah for all this lovely content, genuinely thanks
This the kinda videos I follow Farah for! 😍
Post these types of videos. It's very simple.
Great explanation. Thank you for sharing.
I would love if you can include remediation part
Informative + simple. It would have been great if you could also tell the mitigation tips for the problems
Thanks for making this wonderful video. I have one doubt: if there is a user creation or a comment posting on the web page, and we have captured that in Burp, sent it to Intruder and started it with null payload with 500, and suppose it created 500 users or posted 500 comments, then will it come under race condition?
That could just be lack of rate limiting on the endpoint
Thanks Farah for replying. I understand: as you mentioned, if we are booking at the hotel and only one is left but two of them are booking at the same time, then that scenario will come under testing for race conditions; the other, like I mentioned, will come under lack of rate limiting, right?
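The distinction drawn in the exchange above, as an added example that is not from the video or from any commenter: a constructed booking handler in which two simultaneous requests for the last room both pass the availability check, next to a version where the check and the decrement happen atomically. The `Hotel` class, its method names and the `sleep` standing in for database latency are assumptions made for illustration.

```python
import threading
import time


class Hotel:
    """Constructed in-memory stand-in for a booking backend."""

    def __init__(self, rooms):
        self.rooms = rooms
        self.bookings = []
        self._lock = threading.Lock()

    def book_unsafe(self, guest, gap=0.2):
        # Check-then-act: the gap between reading and writing is the race window.
        if self.rooms > 0:
            time.sleep(gap)          # stands in for DB / payment latency
            self.rooms -= 1
            self.bookings.append(guest)
            return True
        return False

    def book_atomic(self, guest, gap=0.2):
        # Same logic, but check and decrement form one critical section.
        # In a real service this is usually a conditional UPDATE or a row lock.
        with self._lock:
            if self.rooms > 0:
                time.sleep(gap)
                self.rooms -= 1
                self.bookings.append(guest)
                return True
            return False


def run_concurrent(method, guests):
    """Call method(guest) from one thread per guest, released together."""
    start = threading.Barrier(len(guests))
    results = {}

    def worker(guest):
        start.wait()                 # line every request up at the same instant
        results[guest] = method(guest)

    threads = [threading.Thread(target=worker, args=(g,)) for g in guests]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


if __name__ == "__main__":
    for name in ("book_unsafe", "book_atomic"):
        hotel = Hotel(rooms=1)       # only one room left
        run_concurrent(getattr(hotel, name), ["alice", "bob"])
        print(name, "->", hotel.bookings, "rooms left:", hotel.rooms)
```

Rate limiting does not close the window in `book_unsafe`, because two requests are well within any sensible limit. Conversely, the lock does nothing about 500 sequential posts, each of which is individually valid.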
Absolutely great 🙃
Like I've had this explained once but your use of real world scenarios really solidified it... My only gripe, the music... it gives me this Dora the Explorer-esque vibe 😂
😂
Nicely Explained!
Good explanation,
But please do a sample experiment in the videos like this
really liked the video.
Absolutely this information and way of explanation is so neat and easy to understand, thanks #Farah
New thing for me. Any general solutions for racing conditions?
Video was pretty good. I liked the animations/objects that you have introduced. How did you create the animations? Can you provide some references for it?
I used Canva to make everything!
I have just learnt a new vulnerability
Thanks a lot, Ma'am
Great. Precise. Thanks. :)
Where is the vulnerable lab for this video?
Btw very nice info provided
OWASP TimeGap Theory is a lab dedicated to race condition issues
@AbhiMBalakrishnan is it a free lab?
@AbhiMBalakrishnan thanks for sharing! :)
@FarahHawa Thank YOU. I'm a big fan of your work. One thing that sets you apart from other infosec content creators and professionals is your focus on constant improvisation. This video is a good example - you are trying a new format. Similarly, you are not a find bugs and fire person. Your guidelines on writing/creating better PoCs were a gem. I personally believe your work is highly underrated and underappreciated. I'm sure things will change, you are years ahead of many creators and people will realize the value of your work over time - I'm looking forward to that.
@AbhiMBalakrishnan this comment made my day, thank you so much for your kind words 💜
Thank you !!
thanks for this..keep going
Great keep it up 🤟🤟
Wow learnt a lot thank you
yes
Very nice 👌👌👍🙏
Thank you :)
No explanation how to prevent this bug?
You forgot to add reports, can you please mention them....
BTW awesome video 🥰
done!
Nice ☺️
So in my opinion a simple Python script using multithreads will do the same. No need to use Burp.
Yes, that’s true! I use Burp because I find it convenient but it’s totally not necessary
The cutest hacker on the whole YouTube 💖✨
Some project for you...if u able to perform gray hat hacking.
pump
I am just here to see your face
Your content is not good as other infosec guys like ippsec or stok or liveoverflow
1st Comment
Men of culture gather here 😛
💘💘💘💘💘💘💘💘💘💘💘💘
In a 4-minute video, 1 minute was spent showing an ad @FarahHawa