$500 Bounty: Race Condition in Hacker101 CTF Group Join
Summary
The Hacker101 responsible disclosure programme has paid out $500 for the resolution of a race condition vulnerability in its group invite system. The flaw allowed a user to join a single team multiple times with a single invite link by sending multiple concurrent requests.
The issue, discovered by zeyu2001, highlights the need for robust backend protection against concurrent requests in apparently straightforward features, even if they have not exhibited sequencing vulnerabilities in testing.
This is emphasized by the fact that a similar issue was reported and closed in 2015, but not fully addressed.
Responsible disclosure programmes partner ethical hackers with companies to resolve issues before they can be exploited by malicious actors, and in many cases reward them for doing so.
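A minimal simulation of the kind of check-then-insert race described above, next to a join that relies on a database uniqueness constraint. It is an added example, not Hacker101's code: the `members` table, the function names and the barrier that holds every request between the check and the write are assumptions made for illustration.

```python
import sqlite3
import threading

def make_db(unique):
    # Constructed schema; one shared in-memory connection in autocommit mode.
    db = sqlite3.connect(":memory:", check_same_thread=False, isolation_level=None)
    constraint = ", UNIQUE (group_id, user_id)" if unique else ""
    db.execute(f"CREATE TABLE members (group_id INTEGER, user_id INTEGER{constraint})")
    return db

def join_check_then_insert(db, lock, gate, group_id, user_id):
    """Vulnerable pattern: the membership check and the insert are separate steps."""
    with lock:  # serialises single statements only, not the check+insert pair
        row = db.execute("SELECT 1 FROM members WHERE group_id = ? AND user_id = ?",
                         (group_id, user_id)).fetchone()
    gate.wait()  # assumption: stands in for the window between check and write
    if row is None:
        with lock:
            db.execute("INSERT INTO members VALUES (?, ?)", (group_id, user_id))

def join_atomic(db, lock, gate, group_id, user_id):
    """Hardened pattern: a single statement, and the UNIQUE constraint decides."""
    gate.wait()  # release all requests at the same moment
    with lock:  # protects the shared Python connection, not the invariant
        db.execute("INSERT OR IGNORE INTO members VALUES (?, ?)", (group_id, user_id))

def simulate(join, unique, requests=5):
    """Run concurrent joins for one user; return the number of membership rows."""
    db = make_db(unique)
    lock = threading.Lock()
    gate = threading.Barrier(requests)
    workers = [threading.Thread(target=join, args=(db, lock, gate, 1, 42))
               for _ in range(requests)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return db.execute("SELECT COUNT(*) FROM members").fetchone()[0]

if __name__ == "__main__":
    print("check-then-insert rows:", simulate(join_check_then_insert, unique=False))
    print("unique + atomic insert rows:", simulate(join_atomic, unique=True))
```

The same harness works as a regression test: a join handler that leaves more than one row for the same user and group under concurrent calls has not closed the window.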