concurrency-vulnerability

4 articles
sort: new top best
clear filter
bug-bounty480 google297 xss277 microsoft249 facebook211 rce159 apple150 exploit136 bragging-post102 account-takeover98 malware94 csrf84 cve79 privilege-escalation74 authentication-bypass65 stored-xss65 writeup61 reflected-xss57 browser54 react53 ssrf51 phishing50 dos50 input-validation49 cloudflare49 access-control49 cross-site-scripting48 node46 aws46 smart-contract45 docker45 sql-injection45 ethereum44 defi43 web-security43 web-application42 supply-chain42 oauth41 web339 burp-suite36 lfi34 vulnerability-disclosure34 idor34 html-injection33 smart-contract-vulnerability32 race-condition32 clickjacking31 reverse-engineering31 information-disclosure30 csp-bypass30
0 7/10
Is Math.random() Safe? from missing rate limit to bypass 2fa and possible sqli
vulnerability

Researcher demonstrates chaining missing rate limits with Math.random() predictability via race conditions to bypass 2FA OTP validation in a Node.js-based React-Native mobile application, combined with SQL injection in the OTP endpoint affecting multiple authentication flows.

math-random pseudo-random race-condition 2fa-bypass otp-prediction rate-limit sql-injection javascript nodejs react-native asynchronous turbo-intruder burp-suite mobile-security concurrency-vulnerability
Yasser Mohammed HackerOne React-Native Math.random() Turbo Intruder Burp Suite OWASP
neroli.medium.com · kh4sh3i/bug-bounty-writeups · 22 hours ago · details
0 5/10
Race condition bypassing team limit
vulnerability

A race condition vulnerability in a team management feature allows bypassing the free plan's 5-user invitation limit by sending simultaneous requests through Burp Intruder, enabling attackers to invite 22+ users without upgrading to a paid plan.

race-condition business-logic-bypass account-takeover team-limit-bypass burp-intruder concurrency-vulnerability authentication
Arbaz Hussain
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 22 hours ago · details
0 7/10
Exploiting a Race condition vulnerabililty
bug-bounty

A detailed writeup of exploiting a race condition vulnerability in a referral invite system by sending multiple simultaneous requests using Turbo Intruder to register the same coupon code multiple times, bypassing the one-time-use restriction and multiplying rewards.

race-condition concurrency-vulnerability invite-code-abuse coupon-code-exploitation turbo-intruder bug-bounty referral-program-abuse request-timing-attack golang web-application-security
Turbo Intruder Burp Suite Bugcrowd V7nc3nz PortSwigger
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 22 hours ago · details
0 7/10
Hacking Banks With Race Conditions
tutorial

Educational article explaining race condition vulnerabilities in web applications, particularly in financial systems, with real-world examples including the Starbucks gift card exploit where attackers could generate unlimited credit by sending concurrent transfer requests to bypass balance checks.

race-condition time-of-check-time-of-use concurrency-vulnerability banking-security financial-fraud access-control vulnerability-exploitation web-application-security synchronization resource-locking
Egor Homakov Starbucks Vickie Li
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 22 hours ago · details