exploiting-race-condition-vulnerabilities
CommunityFind and exploit web race conditions reliably
System Documentation
What problem does it solve?
This Skill helps security testers detect, reproduce, and validate race condition vulnerabilities in web applications where concurrent requests can bypass limits, duplicate transactions, or cause TOCTOU logic failures, enabling accurate impact assessment and remediation guidance.
Core Features & Use Cases
- Turbo Intruder single-packet attacks: Example scripts and configuration for HTTP/2 synchronized requests to minimize network jitter and maximize the race window.
- Python multi-threaded agent: A CLI-capable agent that sends synchronized concurrent requests, collects response metadata, and flags indicators of race conditions.
- Analysis and remediation guidance: Heuristics to identify successful exploitations (multiple 200 responses, mixed status codes, differing response bodies) and recommended fixes such as DB locking, idempotency keys, and optimistic concurrency.
- Use Cases: Testing coupon redemption, balance transfers, inventory purchases, multi-step workflows, and rate-limited endpoints during authorized assessments or bug bounty programs.
Quick Start
Run the exploiting-race-condition-vulnerabilities skill against an authorized target using the provided Turbo Intruder scripts or the Python agent to test a state-changing endpoint for concurrent-execution vulnerabilities.
Dependency Matrix
Required Modules
Components
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: exploiting-race-condition-vulnerabilities Download link: https://github.com/Acczdy/MoZiSec/archive/main.zip#exploiting-race-condition-vulnerabilities Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.