Kali Linux

WannaRace : WebApp Intentionally Made Vulnerable To Race Condition For Practicing Race Condition

WannaRace is a WebApp intentionally made vulnerable to Race Condition

Description

Race Condition vulnerability can be practiced in the developed WebApp. Task is to buy a Mega Box using race condition that costs more than available vouchers. Two challenges are made for practice. Challenge B is to be solved when PHPSESSID cookie is present, cookie is auto created when user is logged in. Happy learning .

 Building And Running The Docker Image

Build the Docker image with:

git clone https://github.com/Xib3rR4dAr/WannaRace && cd WannaRace
docker build -t xib3rr4dar/wanna_race:1.0 .

Run Docker image:

docker run -it –rm xib3rr4dar/wanna_race:1.0

Then open in browser relevant IP:PORT

Screenshots

Challenge #1

Main Page

Four vouchers worth 400 units available for recharge

Task is to buy Mega box (which is worth 401 units) by exploiting race condition

Challenge #2

Same as Challenge #1 but requires login so that PHPSESSID and appropriate cookies are set

R K

Recent Posts

How to Install Docker on Ubuntu (Step-by-Step Guide)

Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…

5 days ago

Uninstall Docker on Ubuntu

Docker is one of the most widely used containerization platforms. But there may come a…

5 days ago

Admin Panel Dorks : A Complete List of Google Dorks

Introduction Google Dorking is a technique where advanced search operators are used to uncover information…

6 days ago

Log Analysis Fundamentals

Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…

7 days ago

Networking Devices 101: Understanding Routers, Switches, Hubs, and More

What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…

1 week ago

Sock Puppets in OSINT: How to Build and Use Research Accounts

Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…

1 week ago