Kali Linux

WannaRace : WebApp Intentionally Made Vulnerable To Race Condition For Practicing Race Condition

WannaRace is a WebApp intentionally made vulnerable to Race Condition

Description

Race Condition vulnerability can be practiced in the developed WebApp. Task is to buy a Mega Box using race condition that costs more than available vouchers. Two challenges are made for practice. Challenge B is to be solved when PHPSESSID cookie is present, cookie is auto created when user is logged in. Happy learning .

 Building And Running The Docker Image

Build the Docker image with:

git clone https://github.com/Xib3rR4dAr/WannaRace && cd WannaRace
docker build -t xib3rr4dar/wanna_race:1.0 .

Run Docker image:

docker run -it –rm xib3rr4dar/wanna_race:1.0

Then open in browser relevant IP:PORT

Screenshots

Challenge #1

Main Page

Four vouchers worth 400 units available for recharge

Task is to buy Mega box (which is worth 401 units) by exploiting race condition

Challenge #2

Same as Challenge #1 but requires login so that PHPSESSID and appropriate cookies are set

R K

Recent Posts

2025-03-04 (Tuesday) : Group Claiming To Be BianLian Sends Paper-Based Extortion Letters via Postal Service

On March 4, 2025, a group claiming to be the notorious threat actor BianLian began…

18 hours ago

Blindsight : Advanced Techniques In Red Teaming And LSASS Memory Exploitation

Blindsight is a red teaming tool designed to dump LSASS (Local Security Authority Subsystem Service)…

18 hours ago

Hiphp : Mastering Remote Management Of PHP Websites

Hiphp, developed by Yasserbdj96, is an open-source tool designed to create a backdoor for controlling…

18 hours ago

PowerShell-Hunter : A Comprehensive Toolset For Threat Hunting

PowerShell-Hunter is a robust collection of PowerShell-based tools designed to aid security analysts in detecting…

18 hours ago

DE-TH-Aura : Detection Engineering And Threat Hunting By SecurityAura

DE-TH-Aura, an initiative by SecurityAura, focuses on enhancing detection engineering and threat hunting capabilities using…

20 hours ago

MassVulScan : A Comprehensive Network Scanning Tool

MassVulScan is a powerful network scanning tool designed for pentesters and system administrators to identify…

22 hours ago