| タイトル | PHPEMS <=11.0 Race Condition |
|---|
| 説明 | The points consumption function in PHPEMS (an open-source web-based exam simulation system) is affected by a Race Condition vulnerability, which falls under the category of Logic Flaw. This vulnerability exists in PHPEMS 11.0 and all earlier versions. An attacker with an account containing valid points can exploit the lack of atomicity checks and synchronization mechanisms in the points consumption process. By sending multiple concurrent course purchase requests (which consume points) via tools like Burp Suite Turbo Intruder with a race condition script, the attacker can successfully purchase the same points-consuming course more than 10 times using the same pool of points. This allows unauthorized accumulation of virtual assets (e.g., access to paid courses) without corresponding points deduction for each transaction. If the points are tied to real currency (e.g., purchased via cash or other payment methods), the vulnerability may lead to direct financial losses for the platform operator. |
|---|
| ソース | ⚠️ https://byebydoggy.github.io/post/2025/1229-phpems-points-race-condition-poc/ |
|---|
| ユーザー | byebyedoggy (UID 90091) |
|---|
| 送信 | 2025年12月29日 07:57 (4 月 ago) |
|---|
| モデレーション | 2025年12月29日 09:20 (1 hour later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 338634 [PHPEMS 迄 11.0 Purchase Request 競合状態] |
|---|
| ポイント | 20 |
|---|