This usually happens when code tries to run different parts of a program concurrently without appropriate checks in place to ensure that it is done safely. Most of the time, finding race conditions is a matter of luck, especially if you're testing from a black-box perspective.
A race condition happens when two sections of code that are designed to be executed in a sequence get executed out of sequence. To understand how this works, you need to first understand the concept of concurrency. In computer science, concurrency is the ability to execute different parts of a program simultaneously without affecting the outcome of the program.
Concurrency can drastically improve the performance of programs because different parts of the program’s operation can be run at once.
Arranging the sequence of execution of multiple threads is called scheduling. Different systems use different scheduling algorithms, depending on their performance priorities. For example, some systems might schedule their tasks by executing the highest-priority tasks first, while another system might execute its tasks by giving out computational time in turns, regardless of priority. This flexible scheduling is precisely what causes race conditions.
When a Race Condition Becomes a Vulnerability
A race condition becomes a vulnerability when it affects a security control mechanism. In those cases, attackers can induce a situation in which a sensitive action executes before a security check is complete. For this reason, race condition vulnerabilities are also referred to as time-of-check to time-of-use (TOCTOU) vulnerabilities.
Prevention
The key to preventing race conditions is to protect resources during execution by using a method of synchronization, or mechanisms that ensure threads using the same resources don't execute simultaneously. Resource locks are one of these mechanisms: a thread locks a resource, and other threads are blocked from operating on that resource until the lock is released.
AN EXAMPLE OF A RACE CONDITION:
Imagine you are allowed to vote once. The process is: the system checks whether you have already voted; if not, it takes your vote and sends it to the server, then checks again, sees that the vote is confirmed, and returns something like a confirmation message. If this is not configured properly, you can send multiple requests at once that each perform the single act of voting. When the check runs in both instances it sees that you have not voted yet, so each request takes your vote and updates the server. What happened here is that two votes were recorded simultaneously, letting you vote twice.
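The check-then-act race in the voting example, with the lock-based fix from the Prevention section beside it, as an added example that is not part of the original post. `VoteTally` is a constructed in-memory stand-in for the voting backend, and the `time.sleep` stands in for the server round trip so that the window between the check and the update is wide enough to show the effect reliably.

```python
import threading
import time


class VoteTally:
    """Constructed in-memory stand-in for the voting backend (not a real system)."""

    def __init__(self):
        self.voted = set()   # voter ids that have already voted
        self.votes = 0       # total votes recorded
        self.lock = threading.Lock()

    def cast_vulnerable(self, voter_id):
        # Time-of-check: has this voter already voted?
        if voter_id in self.voted:
            return False
        # Simulated round trip to the server. Every concurrent request reaches
        # this point having passed the check before any of them records a vote.
        time.sleep(0.05)
        # Time-of-use: record the vote. Nothing prevents the other threads that
        # passed the check above from doing the same.
        self.voted.add(voter_id)
        self.votes += 1
        return True

    def cast_safe(self, voter_id):
        # Check and update run under one lock, so the pair is atomic with respect
        # to other threads: the second request only runs after the first finished.
        with self.lock:
            if voter_id in self.voted:
                return False
            time.sleep(0.05)
            self.voted.add(voter_id)
            self.votes += 1
            return True


def simultaneous_votes(cast, voter_id="alice", n=10):
    """Fire n concurrent votes for a single voter, like n requests sent at once."""
    threads = [threading.Thread(target=cast, args=(voter_id,)) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()


def run_demo(n=10):
    """Return (votes counted by vulnerable handler, votes counted by locked handler)."""
    vulnerable, safe = VoteTally(), VoteTally()
    simultaneous_votes(vulnerable.cast_vulnerable, n=n)
    simultaneous_votes(safe.cast_safe, n=n)
    return vulnerable.votes, safe.votes


if __name__ == "__main__":
    v, s = run_demo()
    print(f"vulnerable handler counted {v} votes, locked handler counted {s}")
```

On the vulnerable handler the count is close to `n`; on the locked handler it is exactly 1, no matter how many requests arrive at once.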
Hunting for Race Conditions:
Step 1: Find Features Prone to Race Conditions
Attackers use race conditions to subvert access controls. In theory, any application whose sensitive actions rely on access-control mechanisms could be vulnerable. Most of the time, race conditions occur in features that deal with numbers, such as online voting, online gaming scores, bank transfers, e-commerce payments, and gift card balances. Look for these features in an application and take note of the request involved in updating these numbers.
For example, let’s say that, in your proxy, you’ve spotted the request used to transfer money from your banking site. You should copy this request to use for testing. In Burp Suite, you can copy a request by right-clicking it and selecting Copy as curl command.
Step 2: Send Simultaneous Requests
You can then test for and exploit race conditions in the target by sending multiple requests to the server simultaneously.
Next, check the results to see whether the code executed the requests out of order in a way that should not be possible. For example, maybe the server did not check whether you had enough balance in your bank account before sending money for the second request, because the first request was still using the balance-check resource, so it proceeded to send the money even though you did not have enough.
Step 3: Create a POC: