Multi Endpoint Race Conditions

Perhaps the most intuitive form of these race conditions is the one that involves sending requests to multiple endpoints at the same time.

Think about the classic logic flaw in online stores where you add an item to your basket or cart, pay for it, then add more items to the cart before force-browsing to the order confirmation page.

A variation of this vulnerability can occur when payment validation and order confirmation are performed during the processing of a single request. The state machine for the order status might look something like this:

In this case, you can potentially add more items to your basket during the race window between when the payment is validated and when the order is finally confirmed.

Methodology

  • First, add a low-value item to the cart

  • Click on Place Order

  • Now send both requests to Repeater and create a group

  • Now add a low-value item to the cart again

  • Switch to the Burp Suite Repeater tab

  • Change the first request's product ID to that of the higher-value item

  • Now select the Parallel option from the Send group button

  • Send the requests

You may need to repeat these steps several times before the race succeeds.
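As an added illustration (not code from the page or from Burp Suite), here is the flaw described above in a small hypothetical Python store: the vulnerable checkout validates payment and then confirms from the cart as it stands at confirmation time, while the hardened version snapshots items and total atomically and confirms exactly that snapshot. `during_window` is an assumed hook that stands in for the racing add-to-cart request landing between validation and confirmation.

```python
from dataclasses import dataclass, field
from threading import Lock
from typing import Callable, List, Tuple

# Constructed catalogue for a hypothetical store (not from the page).
PRICES = {"gift-card": 10, "jacket": 1337}

@dataclass
class Cart:
    items: List[str] = field(default_factory=list)
    lock: Lock = field(default_factory=Lock)

    def total(self) -> int:
        return sum(PRICES[i] for i in self.items)

def add_to_cart(cart: Cart, item: str) -> None:
    """The add-to-cart endpoint that races the checkout."""
    with cart.lock:
        cart.items.append(item)

def checkout_vulnerable(cart: Cart, balance: int, during_window: Callable[[], None]) -> Tuple[bool, List[str], int]:
    """Validates payment against the cart, then confirms from the live cart:
    anything added between the two reads ships without being paid for."""
    charged = cart.total()
    if charged > balance:
        return False, [], balance
    during_window()              # a racing add-to-cart lands here
    shipped = list(cart.items)   # second read of a cart that has changed
    cart.items.clear()
    return True, shipped, balance - charged

def checkout_hardened(cart: Cart, balance: int, during_window: Callable[[], None]) -> Tuple[bool, List[str], int]:
    """Takes items and total as one atomic snapshot and confirms exactly that.
    The lock stands in for a DB transaction holding a row lock on the cart."""
    with cart.lock:
        snapshot = list(cart.items)
        charged = cart.total()
        if charged > balance:
            return False, [], balance
        cart.items.clear()       # paid items leave the cart in the same step
    during_window()              # the racing add now lands in an empty cart
    return True, snapshot, balance - charged

def simulate(checkout) -> Tuple[bool, List[str], int, List[str]]:
    """Pay for a gift card while a jacket is added in the race window."""
    cart = Cart(["gift-card"])
    ok, shipped, balance = checkout(cart, 100, lambda: add_to_cart(cart, "jacket"))
    return ok, shipped, balance, list(cart.items)
```

With the vulnerable handler the jacket ships although only the gift card was charged; with the hardened handler it stays in the cart, unpaid, for the next checkout.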
