Multi-endpoint Race Conditions

Published 18 Nov 2024

COMMENTS • 13

  • @MA-yk4pq 5 months ago

    I was able to go into the negative by changing the values of the gift card I was purchasing. It put me exactly as negative in my account as the additional gift cards I got.
    Interesting tho, cuz if I just took those gift cards to a separate account I could gain purchasing power (had this been real).
    Hey, thank you so much for these videos! I can't wait to watch them all.
    Note to anyone here in the comment section feeling lost: we all do. Don't judge yourself for it. And don't judge yourself for judging yourself. Just accept that it's complicated and that's OK. Then keep APPLYING THE LABS. Walk around the house and try again till it feels better.

    • @intigriti 5 months ago

      Good point on the transferring gift cards to a new account!

  • @MA-yk4pq 5 months ago +1

    For some reason my response time for my 1st packet is typically shorter than my other requests. Sometimes they're the same. I'll send 3-8 at once trying to test for that "longer response" I'm supposed to see.

  • @ihavelowiq2723 29 days ago

    Labs I can understand, but I'm still not confident enough to identify this vuln in the wild, identifying race windows and stuff like that.

  • @trieulieuf9 6 months ago

    I don't think the 17:17 bonus solution will work, because although we are able to buy the overpriced jacket, our store credit is still being reduced, as seen at 15:20. So even if we can buy 1000 gift cards, our store credit will be reduced to minus the price of 1000 gift cards.

    • @intigriti 6 months ago +1

      Hmmm IIRC the bonus solution was how I originally solved the challenge, so it did work? 🤔

  • @halwest05 3 months ago

    Nicely explained, but the bonus solution does not work, because even if the race condition exploit succeeds and purchases 100 gift cards, it will still take away 1000 dollars, meaning the gift cards have no use in buying the leet jacket. If you redeem all the cards, you will get back to the point you were at first.

    • @intigriti 3 months ago +1

      Hey, so in the official solution we add a gift card and then exploit the race window to swap the gift card with another product (leather jacket).
      My idea was instead to exploit the race window to swap the quantity of the gift card from "1" to "1000". Therefore you get charged $10 but you have $10,000 worth of gift cards which you could use to purchase the jacket 🙂 I'm still pretty confident this should work 🤔

    • @halwest05 3 months ago

      @intigriti Aha, now I get it, it will work, you are right, thanks man!

  • @robstark4759 7 months ago

    Why is it that I can only succeed when I remove the first 'get warm' request? Keeping this 'warm' request doesn't solve the lab?

    • @intigriti 7 months ago

      Hmmmm weird! Probably the race condition labs are quite temperamental, by nature.

  • @zzzzzzzzZzZZzzzaZzz 10 months ago

    I don't get it

    • @intigriti 10 months ago +1

      Which part? Did you check the previous labs, especially the first one which covers the background of race conditions?