Limit overrun race conditions
Limit Overrun Race Conditions
The most well-known type of race condition enables you to exceed some kind of limit imposed by the business logic of the application.
There are many variations of this kind of attack, including:
Redeeming a gift card multiple times
Rating a product multiple times
Withdrawing or transferring cash in excess of your account balance
Reusing a single CAPTCHA solution
Bypassing an anti-brute-force rate limit
Limit overruns are a subtype of so-called "time-of-check to time-of-use" (TOCTOU) flaws.
Detecting and Exploiting Limit Overrun (Repeater)
The process of detecting and exploiting limit overrun race conditions is relatively simple. In high-level terms, all you need to do is:
Identify a single-use or rate-limited endpoint that has some kind of security impact or other useful purpose.
Issue multiple requests to this endpoint in quick succession to see if you can overrun this limit.
Sending a Group of Requests (Repeater)
Right click the request and send it to repeater
In the repeater tab right click the request and agin send it to repater or you can use ctrl+r (You have to create 15 to 20 requests)
Now, click on the + icon besides the last request tab
Select Create tab group
Select all the requests
Give it a name
Select a color
Click on Create
Expand the send button
Select Send group in parallel option
Click on the Send group (parallel button)
Bypassing Rate Limits (Anti Bruteforce Mechanism)
Send the login request to the intruder
Set the payload position to password field
In the payloads tab enter some default passwords
Switch to the Resource pool tab
Select Custom resource pool option
Click on Start attack button
Look for the 302 response
REFERENCES
Last updated