5. About me
$g4mm4 === $gamma95
● Penetration tester
● Bug hunter
● Full-time Internet troll
6. About the talk
● What is a race condition?
● Race conditions in web applications
● Prevention
● Demo
● References
● Q&A
7. What is a race condition?
● A race condition or race hazard is a type of flaw in an electronic or software system where the output is dependent on the sequence or timing of other uncontrollable events.
● Race conditions can occur in electronic systems, especially logic circuits, and in computer software, especially multithreaded or distributed programs.
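Added example (not from the original slides): a check-then-act race between two concurrent requests, next to a version that makes the check and the update one critical section. Account, withdraw_racy, withdraw_locked and run_two_requests are hypothetical names, and the 100-unit balance is constructed sample data.

```python
import threading

class Account:
    """Constructed stand-in for a record a web handler reads and then updates."""
    def __init__(self, balance):
        self.balance = balance
        self.lock = threading.Lock()

def withdraw_racy(acct, amount, pause):
    # Check-then-act with a gap: another request can run between the two steps.
    if acct.balance >= amount:
        pause()                      # models latency between check and update
        with acct.lock:              # guarding only the write does not help
            acct.balance -= amount
        return True
    return False

def withdraw_locked(acct, amount, pause):
    # Same logic, but the check and the update share one critical section.
    with acct.lock:
        if acct.balance >= amount:
            pause()
            acct.balance -= amount
            return True
        return False

def run_two_requests(withdraw, start=100, amount=100):
    """Fire two concurrent withdrawals; return (final balance, number approved)."""
    acct = Account(start)
    barrier = threading.Barrier(2)
    results = []
    def pause():
        # Wait for the other request to pass its check; time out if it is blocked.
        try:
            barrier.wait(timeout=0.5)
        except threading.BrokenBarrierError:
            pass
    def worker():
        results.append(withdraw(acct, amount, pause))

    threads = [threading.Thread(target=worker) for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance, sum(results)

if __name__ == "__main__":
    print(run_two_requests(withdraw_racy), run_two_requests(withdraw_locked))
```

The racy handler approves both withdrawals and leaves the balance negative; the locked handler approves exactly one.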
8. In electronics
● ∆t1 and ∆t2 represent the propagation delays of the logic elements.
● When the input value (A) changes, the circuit outputs a short spike of duration (∆t1+∆t2) - ∆t2 = ∆t1
21. LFI with phpinfo()
● What is LFI?
Local File Inclusion (also known as LFI) is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized, allowing directory traversal characters to be injected.
22. LFI with phpinfo()
● Why PHPInfo()?
The output of the PHPInfo() script contains the values of the PHP variables, including any values set via _GET, _POST or uploaded _FILES.
25. References
● "Practical Race Condition Vulnerabilities in Web Applications"
https://defuse.ca/race-conditions-in-web-applications.htm
● "LFI with phpinfo() assistance"
http://www.insomniasec.com/publications/LFI With PHPInfo Assistance.pdf
● Nghệ thuật tận dụng lỗi phần mềm (The Art of Exploiting Software Bugs)
http://bluemoon.com.vn/books/8935048992197.html