Multi-endpoint Race Conditions

  • Published: 27 Nov 2024

Comments • 13

  • @MA-yk4pq 5 months ago

    I was able to go into the negative changing the values of the gift card I was purchasing. It put me exactly as negative into my account as the additional gift cards I got.
    Interesting tho, cuz if I just took those gift cards to a separate account I could gain purchasing power (had this been real).
    Hey, thank you so much for these videos! I can't wait to watch them all.
    Note to anyone here in the comment section feeling lost: we all do. Don't judge yourself for it. And don't judge yourself for judging yourself. Just accept that it's complicated and that's OK. Then keep APPLYING THE LABS. Walk around the house and try again till it feels better.

    • @intigriti 5 months ago

      Good point on the transferring gift cards to a new account!

  • @MA-yk4pq 5 months ago +1

    For some reason my response time for my 1st packet is typically shorter than my other requests. Sometimes they're the same. I'll send 3-8 at once trying to test for that "longer response" I'm supposed to see.

  • @trieulieuf9 6 months ago

    I don't think the 17:17 bonus solution will work, because although we are able to buy the overpriced jacket, our store credit is still being reduced, as seen at 15:20. So even if we can buy 1000 gift cards, our store credit will be reduced to minus the price of 1000 gift cards.

    • @intigriti 6 months ago +1

      Hmmm IIRC the bonus solution was how I originally solved the challenge, so it did work? 🤔

  • @ihavelowiq2723 1 month ago

    Labs I can understand, but I'm still not confident enough to identify this vuln in the wild: identifying race windows and stuff like that.

  • @robstark4759 8 months ago

    Why is it that I can only succeed when I remove the first 'get warm' request? Keeping this 'warm' request doesn't solve the lab?

    • @intigriti 8 months ago

      Hmmmm weird! Probably the race condition labs are quite temperamental, by nature.

  • @halwest05 3 months ago

    Nicely explained, but the bonus solution does not work, because even if the race condition exploit succeeds and purchases 100 gift cards, it will still take away 1000 dollars, meaning the gift cards have no use in buying the leet jacket. If you redeem all the cards, you will get back to the point you were at first.

    • @intigriti 3 months ago +1

      Hey, so in the official solution we add a gift card and then exploit the race window to swap the gift card with another product (leather jacket).
      My idea was instead to exploit the race window to swap the quantity of the gift card from "1" to "1000". Therefore you get charged $10 but you have $10,000 worth of gift cards which you could use to purchase the jacket 🙂 I'm still pretty confident this should work 🤔

    • @halwest05 3 months ago

      @intigriti Aha, now I get it, it will work, you are right. Thanks man!
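
The check-then-use window this thread argues about (a cart priced at one moment and fulfilled at another), as an added example that is not part of any comment or of the lab's code. It is a constructed Python model: `Shop`, its methods and the prices are assumptions, and the concurrent cart request is simulated deterministically by a callback so the vulnerable checkout can be compared with one that prices and delivers a single snapshot.

```python
import threading

PRICES = {"gift_card": 10}  # constructed sample catalogue

class Shop:
    def __init__(self, credit):
        self.credit = credit
        self.cart = {}    # item -> quantity, shared by the cart and checkout endpoints
        self.owned = {}   # items delivered to the user
        self.lock = threading.Lock()

    def set_cart(self, item, qty):  # models the "cart" endpoint
        with self.lock:
            self.cart[item] = qty

    def _total(self, cart):
        return sum(PRICES[i] * q for i, q in cart.items())

    def _deliver(self, cart):
        for item, qty in cart.items():
            self.owned[item] = self.owned.get(item, 0) + qty

    def checkout_vulnerable(self, during_window=lambda: None):
        total = self._total(self.cart)   # check: first read of the shared cart
        if total > self.credit:
            return False
        during_window()                  # race window: the cart endpoint can run here
        self.credit -= total
        self._deliver(self.cart)         # use: second read, may no longer match the check
        self.cart = {}
        return True

    def checkout_hardened(self, during_window=lambda: None):
        with self.lock:                  # detach the cart from shared state exactly once
            order, self.cart = self.cart, {}
        total = self._total(order)
        if total > self.credit:
            return False
        during_window()                  # later edits land in the new cart, not the order
        self.credit -= total             # a real store would debit in the same transaction
        self._deliver(order)             # deliver exactly what was priced
        return True

def run(checkout_name):
    shop = Shop(credit=100)
    shop.set_cart("gift_card", 1)
    getattr(shop, checkout_name)(lambda: shop.set_cart("gift_card", 1000))
    return shop.credit, shop.owned.get("gift_card", 0)
```

`run("checkout_vulnerable")` and `run("checkout_hardened")` both debit the same amount; only the number of gift cards delivered differs.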

  • @zzzzzzzzZzZZzzzaZzz 10 months ago

    I don't get it

    • @intigriti 10 months ago +1

      Which part? Did you check the previous labs, especially the first one which covers the background of race conditions?