Kali Linux

WannaRace : WebApp Intentionally Made Vulnerable To Race Condition For Practicing Race Condition

WannaRace is a WebApp intentionally made vulnerable to Race Condition

Description

Race Condition vulnerability can be practiced in the developed WebApp. Task is to buy a Mega Box using race condition that costs more than available vouchers. Two challenges are made for practice. Challenge B is to be solved when PHPSESSID cookie is present, cookie is auto created when user is logged in. Happy learning .

 Building And Running The Docker Image

Build the Docker image with:

git clone https://github.com/Xib3rR4dAr/WannaRace && cd WannaRace
docker build -t xib3rr4dar/wanna_race:1.0 .

Run Docker image:

docker run -it –rm xib3rr4dar/wanna_race:1.0

Then open in browser relevant IP:PORT

Screenshots

Challenge #1

Main Page

Four vouchers worth 400 units available for recharge

Task is to buy Mega box (which is worth 401 units) by exploiting race condition

Challenge #2

Same as Challenge #1 but requires login so that PHPSESSID and appropriate cookies are set

R K

Recent Posts

WhatsMyName App – Find Anyone Across 640+ Platforms

Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…

2 weeks ago

Analyzing Directory Size Linux Tools Explained

Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…

2 weeks ago

Understanding Disk Usage with du Command

Efficient disk space management is vital in Linux, especially for system administrators who manage servers…

2 weeks ago

How to Check Directory Size in Linux

Knowing how to check directory sizes in Linux is essential for managing disk space and…

2 weeks ago

Essential Commands for Linux User Listing

Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…

2 weeks ago

Command-Line Techniques for Listing Linux Users

Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…

2 weeks ago