I was able to go into the negative changing the values of the gift card I was purchasing. It put me exactly as negative into my account as the additional gift cards I got.
Interesting tho, cuz if I just took those gift cards to a separate account I could gain purchasing power (had this been real).
Hey, thank you so much for these videos! I can't wait to watch them all.
Note to anyone here in the comment section feeling lost: we all do. Don't judge yourself for it. And don't judge yourself for judging yourself. Just accept that it's complicated and that's ok. Then keep APPLYING THE LABS. Walk around the house and try again till it feels better.
Good point on the transferring gift cards to a new account!
For some reason my response time for my 1st packet is typically shorter than my other requests. Sometimes they're the same. I'll send 3-8 at once trying to test for that "longer response" I'm supposed to see.
Labs I can understand, but still I'm not confident enough to identify this vuln in the wild. Identifying race windows and stuff like that.
I don't think the 17:17 bonus solution will work, because although we are able to buy the overpriced jacket, our store credit is still being reduced, as seen in 15:20. So even if we can buy 1000 gift cards, our store credit will be reduced to minus the price of 1000 gift cards.
Hmmm IIRC the bonus solution was how I originally solved the challenge, so it did work? 🤔
Nicely explained, but the bonus solution does not work, because even if the race condition exploit succeeds and purchases 100 gift cards, it will still take away 1000 dollars, meaning the gift cards have no use in buying the leet jacket. If you redeem all cards, you will get back to the point you were in first.
Hey, so in the official solution we add a gift card and then exploit the race window to swap the gift card with another product (leather jacket).
My idea was instead to exploit the race window to swap the quantity of the gift card from "1" to "1000". Therefore you get charged $10 but you have $10,000 worth of gift cards which you could use to purchase the jacket 🙂 I'm still pretty confident this should work 🤔
@intigriti Aha, now I get it. It will work, you are right. Thanks man!
Why is it that I can only succeed when I remove the first 'get warm' request? Keeping this 'warm' request doesn't solve the lab?
Hmmmm weird! Probably the race condition labs are quite temperamental, by nature.
I don't get it
Which part? Did you check the previous labs, especially the first one which covers the background of race conditions?