This bug might change how you see eCommerce websites

2,311 views

DeadOverflow

1 day ago

Comments: 36
@hanhao263 2 days ago
Race conditions sound like what an American would say.
@deadoverflow 2 days ago
🦅🦅🦅🇺🇲🇺🇲🇺🇲
@swatejdesai7621 1 day ago
Rahhhhhh😂
@and_rotate69 1 day ago
unfortunately race conditions are really edge cases, and u can barely do 1 especially with nowadays frameworks which offer better security and code execution
@deadoverflow 1 day ago
I do agree but race conditions aren't always what I explained. These vulnerabilities occur in a lot of different parts of a website, that's why they are so destructive. One good example is bypassing 2FA.
@LK272si 19 hours ago
Absolutely love this kind of content!!! I hope you keep making more such content🙀
@deadoverflow 19 hours ago
Aww thanks man, really appreciate this. One way to motivate me in making more content is to subscribe, it costs you nothing but means a lot to me for each number I get
@someoneunknown6894 1 day ago
Hey, great video! Would love to see more videos like this going over the labs
@deadoverflow 1 day ago
Thanks a lot man, I got another video coming out today regarding broken reset password functionality so you might want to subscribe to check that out!
@someoneunknown6894 1 day ago
@deadoverflow Subscribed right now :D
@lightninghunterCR 1 day ago
Damn, that was good stuff!
@deadoverflow 1 day ago
Thanks a lot man, I really appreciate your insight!
@pieTone 1 day ago
Here before you become a decillionaire.
@deadoverflow 1 day ago
HAHAHHA
@ramonbastos6232 1 day ago
Amazing video man, I would just like to know which tool you used to intercept the requests
@deadoverflow 1 day ago
Oh man I could get in trouble if I tell you so please promise me you won't use it for anything shady 😭
@OplikZPrahy 1 day ago
@deadoverflow I would like to know as well. I have a huge interest in coding, cybersecurity etc. I promise not to do shady stuff, I actually already got rewarded for a few incredibly easy bounties.
@deadoverflow 1 day ago
@OplikZPrahy Okay then, the software I used is called Burp Suite standard edition, there is a pro version but I rarely use it. You can just google and download it. Setup is very easy as well!
@RodDiaz 1 day ago
Can you explain which is the best way to notify the owner of the website that there is a "bug"?
@deadoverflow 1 day ago
If they have a bug bounty program then that is one way, if they just have a contact form that is another, and if you cannot contact them, then maybe look up the owner of the website and contact them directly.
@Bebop79 1 day ago
Assuming the company is being proactive they might have this set up: en.wikipedia.org/wiki/Security.txt
@deadoverflow 1 day ago
Great point
@TheDenixChannel 2 days ago
you got yourself a like and follow
@deadoverflow 1 day ago
That's awesome, thanks a lot man ❤️
@yolbulucu 1 day ago
wait how do they prevent this?
@deadoverflow 1 day ago
Well I guess making the functionality different on the backend. Maybe first setting the coupon to be invalid and then removing the -20%
@jisangain 1 day ago
Maybe you can use mutexes/locks
@yolbulucu 1 day ago
@deadoverflow lol or simply use transactions
@deadoverflow 1 day ago
or once you start making a purchase, backend detects that you entered a coupon and only then takes 20% off
@rvn8552 1 day ago
option A/B is as dead mentioned, invalidate first or check if coupon was already entered, option C is to use something called atomic locking which in short terms makes sure that things happen in sequence, i.e. first coupon processed fully, then second coupon processed, not both simultaneously
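The mitigations the replies above converge on (invalidate first, take a lock, or do it in one transaction) as an added example; this is not code from the video, the lab, or any commenter. The `Checkout` class, the `SAVE20` coupon code, the 20 % discount and the 10 ms processing window are constructed for illustration. The racy method keeps the order of operations the thread describes (check, grant discount, mark used afterwards); the fixed method makes the check and the "mark used" step one atomic unit so that concurrent requests cannot both see the coupon as valid.

```python
"""Single-use coupon redemption: check-then-act race and its atomic fix.

Added example, not from the video or the comments. Class names, the coupon
code and the timings are constructed for illustration.
"""
import threading
import time

DISCOUNT_PERCENT = 20  # the -20% coupon discussed in the thread


class Checkout:
    """Toy checkout holding one single-use coupon (constructed for this example)."""

    def __init__(self, coupon_code="SAVE20"):
        self.coupon_valid = {coupon_code: True}  # True until the coupon is consumed
        self.discounts_applied = 0               # how many times -20% was granted
        self.lock = threading.Lock()

    def redeem_racy(self, code, window=0.01):
        # Vulnerable order of operations: validate, apply the discount, and only
        # afterwards mark the coupon used. Every request that passes the check
        # before any of them reaches the "mark used" line gets the discount.
        if not self.coupon_valid.get(code, False):
            return False
        time.sleep(window)                  # stands in for backend processing time
        self.discounts_applied += 1
        self.coupon_valid[code] = False     # too late: others already passed the check
        return True

    def redeem_atomic(self, code, window=0.01):
        # Fix combining the replies: the check and the invalidation run as one
        # critical section (invalidate first, then grant the discount), so at most
        # one request ever observes the coupon as valid. With a database the same
        # idea is one statement inside a transaction, e.g.
        #   UPDATE coupons SET used = 1 WHERE code = ? AND used = 0
        # and treating "0 rows affected" as "already redeemed".
        with self.lock:
            if not self.coupon_valid.get(code, False):
                return False
            self.coupon_valid[code] = False
        time.sleep(window)                  # only the single winner reaches this point
        self.discounts_applied += 1
        return True


def fire_concurrent(redeem, code, n_requests=10):
    """Release n_requests redemptions at the same instant (via a Barrier) and
    return how many of them the backend accepted."""
    barrier = threading.Barrier(n_requests)
    results = []
    results_lock = threading.Lock()

    def worker():
        barrier.wait()                      # all requests start together
        accepted = redeem(code)
        with results_lock:
            results.append(accepted)

    threads = [threading.Thread(target=worker) for _ in range(n_requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)


def demo(n_requests=10):
    """Return (accepted by racy backend, accepted by atomic backend)."""
    racy = Checkout()
    racy_accepted = fire_concurrent(racy.redeem_racy, "SAVE20", n_requests)
    fixed = Checkout()
    fixed_accepted = fire_concurrent(fixed.redeem_atomic, "SAVE20", n_requests)
    return racy_accepted, fixed_accepted


if __name__ == "__main__":
    racy_count, fixed_count = demo()
    print(f"racy backend granted the single-use coupon {racy_count} times")
    print(f"atomic backend granted it {fixed_count} time(s)")
```

The `time.sleep(window)` is what makes the race reproducible on a single machine; in production the same gap is filled by database round-trips and network latency, which is why the replies' "invalidate first / lock / transaction" advice matters even when the code looks fast.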
@AnukiranGhosh 2 days ago
Race conditions? (I didn't watch the full vid yet, I solved the lab a few weeks ago).
@deadoverflow 2 days ago
It's a great type of vulnerability to hunt for, honestly it's underrated but you can find these almost everywhere
@AnukiranGhosh 2 days ago
@deadoverflow right. I keep moving away from cybersecurity & then some video pops up on my yt feed & I want to get back again 😂
@deadoverflow 2 days ago
lmao had exactly the same experience a few years ago. Don't give up is the best advice to give
@MrJloa 1 day ago
Lawl who da hell applies the coupon async and then marks it used 😂 Probably some Indian interns wrote that estore code man
@deadoverflow 1 day ago
Lmao, well given the fact that Indians charge $2 an hour, so they are cheap labor, you can see this more and more lmaoo