Finding Race Condition Vulnerability in the invite function that bypass maximum members limit.

Hello Everyone, in this post I am going to explain you how I have found a race condition vulnerability that bypass the maximum members limit which lead me to got a bounty of $250. Its a private website so lets say the website is www.redacted.com

The website allows to create teams, and in the team section there is a feature to invite team members via e-mail. The “Invite” function in the Team Member section of the Pro Section has been identified to have a race condition bug. This bug allows multiple invitations to be sent simultaneously, surpassing the intended limit of 10 members in the Pro Section. As a result, the system fails to enforce the membership limit, leading to potential issues and undesired consequences.

  1. Head over to https://redacted.com/teams/[Team Name]/settings/members
  2. Add an email and click on invite.
  3. Intercept the request, send it to Turbo Intruder, add the “X-Request: %s” header into the Request body, select the Race condition script and start the attack.
  4. Check, for the various invite sent in the dashboard surpassing the limit, also it can be used for email spamming or bombing as well

Impact

  1. Exceeding membership limit: The race condition bug allows users to send more than the allowed 10 invitations, resulting in an increased number of team members in the Pro Section. This can lead to overutilization of system resources, impacting performance and potentially causing instability.
  2. Resource allocation issues: With an excessive number of team members in the Pro Section, the allocation of resources such as storage, processing power, and bandwidth may become inadequate. This can lead to degraded system performance, slower response times, and increased latency, negatively impacting user experience.
  3. Security vulnerabilities: A larger number of team members than intended can introduce security risks. Unauthorized access to sensitive information, data breaches, or malicious activities becomes more likely as the system fails to enforce the intended access restrictions and permissions.
  4. Subscription inconsistencies: The bug allows users to bypass the membership limit, potentially leading to inconsistencies in subscription plans and billing. Customers who have paid for a specific membership tier may feel unfairly treated if others can join beyond the limit without any additional charges.
  5. Administrative challenges: Managing a larger number of team members can become cumbersome, especially when it exceeds the intended limit. Administrators may struggle to effectively communicate, delegate tasks, and ensure proper coordination among team members, impacting productivity and collaboration within the Pro Section.
  6. Email Bombing/Spamming: This same can be used for E-Mail Spamming that can bring a bad reputation to the company.

Leave a Reply

Your email address will not be published. Required fields are marked *

Achievements🏆

All the mentioned companies below, I have reported security vulnerabilities for which I have either received acknowledgement as Hall of Fame or received monetary reward as Bug Bounties. 

  • Telekom.
  • Sony.
  • Dell.
  • Adobe.
  • Frill.Co
  • Lenskart.
  • NCIIPC RVDP. (Goverment of India)
  • Magicpin.
  • Vercel.
  • YourDost.
  • Porche.
  • Channable.
  • OpenMoney.
  • Uizard.