Race Condition Attacks in Web Applications

gamma95[at]gmail[dot].com

Breaking news

About me

About me

$g4mm4 === $gamma95● Penetration tester● Bugs hunter● Full time Internet Troll

About the talk

● What is race condition?● Race conditions in the web applications● Prevention● Demo● References● Q&A

What is race condition?

● A race condition or race hazard is a type of flaw in an electronic or software system where the output is dependent on the sequence or timing of other uncontrollable events

● Race conditions can occur in electronics systems, especially logic circuits, and in computer software, especially multithreaded or distributed programs.

in Electronics

● ∆t1 and ∆t2 represent the propagation delays of the logic elements.

● When the input value (A) changes, the circuit outputs a short spike of duration (∆t1+∆t2) - ∆t2 = ∆t1

In Computer Software (file system, networking ...)

in Web Applications: Hit Counter

in Web Applications: Hit Counter

Tell me why?

Tell me why?

in Web Applications: Online Banking

in Web Applications: Online Banking

D3m0

Prevention

Semaphore

System V SemaphorePHP is compiled with --enable-sysvsem

LFI with phpinfo()● What is LFI?

Local File Inclusion (also known as LFI) is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injected

LFI with phpinfo()● Why PHPInfo()?

The output of the PHPInfo() script contains the values of the PHP Variables, including any values set via _GET, _POST or uploaded _FILES.

How to win the race ?

D3m0

References

● Practical Race Condition Vulnerabilities in Web Applications

https://defuse.ca/race-conditions-in-web-applications.htm

● "LFI with phpinfo() assistance"http://www.insomniasec.com/publications/LFI With PHPInfo Assistance.pdf

● Nghệ thuật tận dụng lỗi phần mềmhttp://bluemoon.com.vn/books/8935048992197.html

Questions?

That's all folks!