Race condition on https://judge.me/people
Low
J
Judge.me
Submitted None
Actions:
Reported by
netboom
Vulnerability Details
Technical details and impact analysis
##summary:An attacker can increase the followers of the users of judge.me
Tools required :
1.burpsuit
2.turbo intruder
##steps to reproduce:
1.visit https://judge.me/people
2.like a user and intercept the request
3.now send it to turbo intruder and configure the script to
race.py
## Impact
The attacker can increase their followers in a bad way by creating fake followers
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$250.00
Submitted
Weakness
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')