How I Bypassed Voucher Limits Using a Race Condition Vulnerability

How I Bypassed Voucher Limits Using a Race Condition Vulnerability
嗯，用户让我帮忙总结一篇文章的内容，控制在一百个字以内，而且不需要特定的开头。首先，我需要理解文章的主要内容。看起来这篇文章是关于作者参加了一个CTF比赛，遇到了一个叫做FLAG SHOP 2.0的web挑战。挑战的难度较高，特别是对于不了解相关漏洞的人来说。文章详细描述了挑战的流程：用户可以抓取优惠券、检查优惠券以及购买旗帜。当输入特定的名字比如shadow_monarch并点击购买旗帜时，应用提示需要收集5个相同名字的优惠券。正常情况下，第一次抓取优惠券成功，但再次使用相同名字时会遇到错误，因为后端限制了每个用户只能获取一个优惠券。所以，总结的时候需要涵盖这些关键点：CTF比赛、FLAG SHOP 2.0挑战、难度、功能流程以及后端限制。我要确保在100字以内简洁明了地表达出来。接下来，我需要组织语言，避免使用“这篇文章”或“文章内容总结”这样的开头。直接描述事件和关键点即可。例如：“作者参加CTF比赛并完成FLAG SHOP 2.0挑战，该应用允许用户抓取和检查优惠券，并购买旗帜。当尝试用相同名称多次抓取时会遇到错误。” 这样既涵盖了主要信息，又符合字数限制和格式要求。 </think> 作者参加CTF比赛并完成FLAG SHOP 2.0挑战，该应用允许用户抓取和检查优惠券，并购买旗帜。当尝试用相同名称多次抓取时会遇到错误。 2025-12-15 10:49:46 Author: infosecwriteups.com(查看原文) 阅读量:3 收藏

So last night I played a CTF. Of course, it was free and with no prize. I know you are not here to listen my bla bla bla about my CTF journey, but wait brooo, I’ll share.
Actually, there is a web challenge named FLAG SHOP 2.0. This challenge was HARD level for those who don’t know about this vulnerability, but let me tell you how it looks like.

Challenge Overview

In this challenge, the application allows users to:

Grab Voucher
Check Voucher
Buy Flag

Press enter or click to view image in full size

When you enter a name such as shadow_monarch and click on Buy Flag, the application tells you that you must collect 5 vouchers with the same name.

Press enter or click to view image in full size

Normal Behavior

First, enter the name shadow_monarch and click on Grab Vou{{Screenshot}}cher. You will receive one voucher code.

If you try grabbing another voucher using the same name, you get an error because the backend restricts this action to a single voucher per user.

文章来源: https://infosecwriteups.com/how-i-bypassed-voucher-limits-using-a-race-condition-vulnerability-8f68a19fbc76?source=rss----7b722bfd1b8d---4
如有侵权请联系:admin#unsafe.sh