webPromedium

Lab 14 — SoundMart — Race Condition in Coupon Redemption

hackadvisor

Task: E-commerce store with coupon code system (SOUNDVIP, $500 fixed discount, limited uses). TOCTOU race condition in coupon redemption allows applying coupon beyond usage limit. Solution: Fire 50 concurrent requests via threading.Barrier to stack $5000 discount on $349.99 cart, then checkout triggers fraud detection revealing the flag.

$ ls tags/ techniques/

race_condition toctou concurrent_requests ecommerce coupon_abuse express_session negative_balance fraud_detection

race_condition_exploitationtoctou_coupon_bypassthread_barrier_synchronizationsession_cookie_sharingnegative_balance_trigger

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lab 272 — SwiftMart — Race Condition in Promo Code Redemption— hackadvisor
[web][Pro]Точка невозврата (Point of No Return)— hackerlab
[web][Pro]Race Shop— web-kids20
[web][Pro]Lab 193 — ShopNova — Price Manipulation in Checkout API— hackadvisor
[web][free]Chocolate Drop— alfactf