Found a Race Condition That Led to Privilege =>$750
Summary
Ehteshamul Haq has detailed how he identified a race condition on the target.com website that enabled him to sidestep user invitation limits as well as escalate privileges.
He was able to purchase an item for $750, demonstrating the vulnerability.
A race condition arises when two or more events occur simultaneously and the ultimate outcome is dependent on the precise timing at which these events occur.
This is especially true of web applications, and if the system cannot manage these occurrences effectively, it might behave in unexpected ways.
In this instance, the flaw appeared while testing the team member invitation functionality.
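The pattern behind an invitation-limit race is a check-then-act gap. The following is an added example, not code from the write-up or from the affected site: a hypothetical in-memory `Team` with a constructed seat limit of 3, showing the unguarded handler beside one that makes the check and the write a single critical section.

```python
import threading
import time

class Team:
    """Hypothetical team with a seat limit (limit=3 is a constructed value)."""
    def __init__(self, limit=3):
        self.limit = limit
        self.members = []
        self._lock = threading.Lock()

    def _store(self, user):
        time.sleep(0.05)  # stands in for the database round trip
        self.members.append(user)

    def invite_unsafe(self, user):
        # Check-then-act: the count is read here but written later, so
        # parallel requests all see the same stale count and all pass.
        if len(self.members) < self.limit:
            self._store(user)
            return True
        return False

    def invite_safe(self, user):
        # The limit check and the write form one critical section.
        with self._lock:
            if len(self.members) < self.limit:
                self._store(user)
                return True
            return False

def fire_concurrently(handler, n=10):
    """Release n invitation requests at the same instant; return how many were accepted."""
    start = threading.Barrier(n)
    results = []

    def worker(i):
        start.wait()  # all workers proceed together
        results.append(handler(f"user{i}@example.test"))
    threads = [threading.Thread(target=worker, args=(i,)) for i in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)

if __name__ == "__main__":
    for name in ("invite_unsafe", "invite_safe"):
        team = Team()
        print(name, "accepted", fire_concurrently(getattr(team, name)), "of limit", team.limit)
```

Within one process a lock is enough; when several application servers share a database, the same guarantee has to come from the database itself, for example a row lock or a single conditional update.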