Learn about Race Condition vulnerabilities and how to exploit them! This lab contains a user registration mechanism. A race condition enables us to bypass email verification and register with an arbitrary email address that we do not own. To solve the lab, we'll exploit the race condition to create an account, then log in and delete the user carlos.
Overview:
0:00 Intro
0:09 Partial construction race conditions
2:05 Lab: Partial construction race conditions
2:42 Predict potential collision
6:37 Benchmark the behaviour
9:11 Prove by claiming the victims email address
15:05 Conclusion
If you're struggling with the concepts covered in this lab, please review https://portswigger.net/websecurity/...
Portswigger challenge: https://portswigger.net/websecurity/...
Sign up and start hacking right now https://go.intigriti.com/register
Join our Discord https://go.intigriti.com/discord
This show is hosted by / _cryptocat ( @_CryptoCat ) & / intigriti
Do you want some Intigriti Swag? Check out https://swag.intigriti.com