Burp Suite User Forum

Create new post

Academy Lab Bug

ArkRyder | Last updated: Nov 14, 2023 10:42PM UTC

Hello! I have been working through the Race Conditions topic, and am stuck on the last lab, Exploiting Time-Sensitive Vulnerabilities. I understand the concept, but the requests for username=wiener and username=carlos consistently take different amounts of time. The solution makes no mention of this, and none of the usual warming techniques are working. It just seems that when username=wiener the request takes ~550 ms and when username=carlos the request takes ~250 ms. Is this intended behavior, and if so, what am I supposed to do here?

Michelle, PortSwigger Agent | Last updated: Nov 15, 2023 10:51AM UTC

Hi When you worked through the step 'Bypass the per-session locking restriction' did you see a similar issue when sending the two requests in parallel for your user or were the times of the requests as expected at that stage?

Kim | Last updated: Dec 30, 2023 04:29AM UTC

Hi, i got the same issue - there is consistently an approx 300 millis difference between carlos & wiener - but when using the same account there is no issue - so maybe a DB issue? am waiting for the lab to reset to see if the large number of emails I sent caused the problem.

Michelle, PortSwigger Agent | Last updated: Jan 02, 2024 08:38AM UTC

Thanks for getting in touch. If you still have the same issues after the lab reset, can you tell us more about the steps you're taking and the stage where you start seeing the difference in the response times?

Marc | Last updated: May 02, 2024 08:44PM UTC

I have the same issue. The closest my timing has been on the two was 3 ms (both right around 300). Many that were relatively close have been within 30 ms, but I still haven't been able to complete the lab.

Marc | Last updated: May 02, 2024 08:56PM UTC

Actually, I was just able to get them both to fire at the same 517ms once after repeatedly sending the two requests in parallel without changing the session id nor the csrf token and I still could not change the url to 'carlos' without it saying 'invalid token', yet I could still change wiener's password with that reset link.

Ben, PortSwigger Agent | Last updated: May 03, 2024 07:48AM UTC

Hi Marc, To confirm, at what stage of the solution are you having these issues at?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.