Race conditions sound like what an American would say.
🦅🦅🦅🇺🇲🇺🇲🇺🇲
Rahhhhhh😂
unfortunately race conditions are really edge cases, and you can barely do one, especially with today's frameworks which offer better security and code execution
I do agree but race conditions aren't always what I explained. These vulnerabilities occur in a lot of different parts of a website, that's why they are so destructive. One good example is bypassing 2fa.
Absolutely love this kind of content!!! I hope you keep making more such content🙀
Aww thanks man, really appreciate this. One way to motivate me in making more content is to subscribe, it costs you nothing but means a lot to me for each number I get
Hey, great video! Would love to see more videos like this going over the labs
Thanks a lot man, I got another video coming out today regarding broken reset password functionality so you might want to subscribe to check that out!
@deadoverflow Subscribed right now :D
Damn, that was good stuff!
Thanks a lot man, I really appreciate your insight!
Here before you become a decillionaire.
HAHAHHA
Amazing video man, I would just like to know which tool you used to intercept the requests
Oh man I could get in trouble if I tell you so please promise me you won't use it for anything shady 😭
@deadoverflow I would like to know as well. I have a huge interest in coding, cybersecurity etc. I promise not to do shady stuff, I actually already got rewarded for a few incredibly easy bounties.
@OplikZPrahy Okay then, the software I used is called Burp Suite standard edition, there is a pro version but I rarely use it. You can just google and download it. Setup is very easy as well!
Can you explain, which is the best way to notify the owner of the website that there is a "bug"
If they have a bug bounty program then that is one way, if they just have a contact form that is another and if you cannot contact them, then maybe look up the owner of a website and contact them directly.
Assuming the company is being proactive they might have this set up en.wikipedia.org/wiki/Security.txt
Great point
you got yourself a like and follow
That's awesome, thanks a lot man ❤️
wait how do they prevent this ?
Well I guess making the functionality different on the backend. Maybe firstly setting the coupon to be invalid and then remove the -20%
Maybe you can use mutexes/locks
@deadoverflow lol or simply use transactions
or once you start making a purchase, backend detects that you entered a coupon and only then takes 20% off
Options A/B are as dead mentioned, invalidate first or check if the coupon was already entered; option C is to use something called atomic locking which in short terms makes sure that things happen in sequence, i.e. first coupon processed fully, then second coupon processed, not both simultaneously
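The sub-thread above describes the coupon race and three fixes (invalidate first, locks, transactions / atomic update). The following is an added example, not code from the video or from any commenter, that reproduces the bug and the fix against a constructed SQLite table: `redeem_racy` does a separate read and write (the race window sits between them, here forced open with a `threading.Barrier` so two requests are guaranteed to pass the check together), while `redeem_atomic` folds check and mark into a single conditional `UPDATE ... WHERE used = 0` and trusts `rowcount` to tell it whether it won. Table, column and coupon names are assumptions for the demo.

```python
"""Coupon redemption race: check-then-act versus one atomic update.

Added example (not from the video or the comments). Standard library only.
"""
import os
import sqlite3
import tempfile
import threading


def _make_db():
    # Constructed sample data: one single-use coupon worth 20%.
    path = os.path.join(tempfile.mkdtemp(), "shop.db")
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE coupons (code TEXT PRIMARY KEY, pct INTEGER NOT NULL, "
        "used INTEGER NOT NULL DEFAULT 0)"
    )
    conn.execute("INSERT INTO coupons VALUES ('SAVE20', 20, 0)")
    conn.commit()
    conn.close()
    return path


def _connect(path):
    # Autocommit: every statement is its own short transaction, one connection per request thread.
    return sqlite3.connect(path, timeout=5, isolation_level=None)


def redeem_racy(path, code, barrier):
    """Vulnerable: read 'used', decide in application code, then write.

    Everything between the SELECT and the UPDATE is the race window. The barrier
    stands in for network/processing delay so both requests pass the check first.
    """
    conn = _connect(path)
    row = conn.execute("SELECT pct, used FROM coupons WHERE code = ?", (code,)).fetchone()
    barrier.wait()
    if row is None or row[1]:
        conn.close()
        return 0  # no discount
    # Both requests reach this point with a stale 'used = 0' and both grant the discount.
    conn.execute("UPDATE coupons SET used = 1 WHERE code = ?", (code,))
    conn.close()
    return row[0]


def redeem_atomic(path, code, barrier):
    """Fixed: check and mark in one statement; the database serializes the writers.

    Exactly one UPDATE matches the 'used = 0' predicate, so rowcount is 1 for the
    winner and 0 for everyone else, regardless of how the requests interleave.
    """
    conn = _connect(path)
    barrier.wait()
    cur = conn.execute("UPDATE coupons SET used = 1 WHERE code = ? AND used = 0", (code,))
    if cur.rowcount != 1:
        conn.close()
        return 0
    pct = conn.execute("SELECT pct FROM coupons WHERE code = ?", (code,)).fetchone()[0]
    conn.close()
    return pct


def race(redeem, n=2):
    """Fire n concurrent redemptions of the same coupon; return how many got the discount."""
    path = _make_db()
    barrier = threading.Barrier(n)
    results = [0] * n

    def worker(i):
        results[i] = redeem(path, "SAVE20", barrier)

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    os.remove(path)
    return sum(1 for r in results if r)


if __name__ == "__main__":
    print("racy   :", race(redeem_racy), "requests got the discount")
    print("atomic :", race(redeem_atomic), "request got the discount")
```

The racy version hands out the discount twice; the atomic version hands it out once. Raising `n` shows the same pattern for any number of parallel requests, which is exactly what a tool that replays one request many times in parallel exploits. In PostgreSQL or MySQL the equivalent of the "transactions" suggestion is `SELECT ... FOR UPDATE` inside one transaction, which takes the row lock before the application code looks at `used`; the single conditional `UPDATE` works in all of them and needs no explicit lock.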
Race conditions? (I didn't watch the full vid yet, I solved the lab a few weeks ago).
It's a great type of vulnerability to hunt for, honestly it's underrated but you can find these almost everywhere
@@deadoverflow right. I keep moving away from cybersecurity & then some video pops up on my yt feed & I want to get back again 😂
lmao had exactly the same experience few years ago. Don't give up is the best advice to give
Lawl who da hell applies the coupon async and then marks it used 😂
Probably some Indian interns wrote that estore code man
Lmao, well given the fact that Indians charge $2 an hour, so they are cheap labor, you can see this more and more lmaoo