webPromedium

Точка невозврата (Point of No Return)

hackerlab

Task: Shop with voucher system where flag costs 1337$ but balance is only 1000$. Solution: Combined IDOR (uid parameter manipulation) with race condition to redeem vouchers multiple times, gaining enough balance to purchase the flag.

$ ls tags/ techniques/

race_condition toctou session_manipulation balance_manipulation idor insecure_direct_object_reference concurrent_requests voucher_system threading shop_exploitation

Race Condition via concurrent voucher redemptionIDOR exploitation via uid parameter manipulationMulti-session attack coordinationThread synchronization with Barrier

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lab 14 — SoundMart — Race Condition in Coupon Redemption— hackadvisor
[web][Pro]Race Shop— web-kids20
[web][Pro]Lab 272 — SwiftMart — Race Condition in Promo Code Redemption— hackadvisor
[misc][Pro]RUCTFE— spbctf
[web][Pro]Сила воли (Willpower)— duckerz