Race Conditions

This lab's purchasing flow contains a race condition that enables you to purchase items for an unintended price.

To solve the lab, successfully purchase a Lightweight L33t Leather Jacket.

You can log in to your account with the following credentials: wiener:peter.

First, login as wiener

After which, add the Lightweight L33t Leather Jacket into the cart

After that add the coupon.

When we look at the traffic, we will realised that when we add the coupon code, it will send a POST request to /cart/coupon.

So what if we tried to send the coupon code in parallel instead.

We can see that some of the response returned as Coupon applied.

So now when we refresh the web page, we can see that multiple coupon code is now being stacked on each other.

Checking out the cart will complete the lab.

Last updated 1 year ago