
Race Condition Vulnerability in CreateOrder Method (CVE-2024-53476) #1111

Open
AbdullahAlmutawa opened this issue Dec 20, 2024 · 1 comment

Comments

@AbdullahAlmutawa

Description

The CreateOrder Method in the OrderService.cs is vulnerable to a race condition that allows multiple simultaneous requests to oversell products. This issue enables attackers to purchase more items than are available in stock by exploiting the timing window between stock checks and stock updates, leading to negative stock quantities and unauthorized purchases.

Steps to Reproduce (PoC)

An attacker can exploit this vulnerability by attempting to purchase a product at almost the same time with limited stock (stock = 1) using two accounts. If both accounts successfully purchase the product, it confirms the presence of a race condition. This can be done using custom scripts or Burp Suite turbo intruder to send concurrent checkout requests.
To further demonstrate the vulnerability, please refer to the following YouTube video: POC

Suggested Fix

Vulnerable code from OrderService.cs:
[screenshot of the vulnerable code from OrderService.cs: carbon (3)]
To mitigate this vulnerability, implement atomic operations or utilize database transactions with appropriate locking mechanisms to ensure that stock checks and updates occur as a single, indivisible operation.

Useful Links

https://cwe.mitre.org/data/definitions/362.html
https://github.com/AbdullahAlmutawa/CVE-2024-53476

@hishamco
Member

Thanks for reporting this @AbdullahAlmutawa, do you plan to create a PR or should I do it so quick

This was referenced Jan 4, 2025
NishantKumar-2005 added a commit to NishantKumar-2005/SimplCommerce that referenced this issue Jan 4, 2025
In this code:

Fixes/simplcommerce#1111
The transaction is started using _checkoutItemRepository.BeginTransaction().
The product is queried and locked for update using _checkoutItemRepository.saveChanges().
The stock quantity is checked and updated within the transaction.
The transaction is committed after the order is created.
This ensures that the stock check and update are performed atomically, preventing race conditions.
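The check-then-update window described in the report above, together with the two fixes this thread mentions (a single atomic stock update, or a transaction that takes the write lock before the check), as an added example that is not code from SimplCommerce or from any participant here. It is written in Python against SQLite rather than the project's C#; the products/orders schema, the handler functions and the sample stock levels are constructed for illustration. A thread barrier holds both checkout requests inside the timing window, so the oversell reproduces deterministically instead of depending on request timing.

```python
"""Check-then-update stock race and two atomic alternatives (constructed example)."""
import os
import sqlite3
import tempfile
import threading


def _connect(path):
    # One connection per thread in autocommit mode; the timeout makes a writer
    # wait for SQLite's file lock instead of failing with "database is locked".
    return sqlite3.connect(path, timeout=10, isolation_level=None)


def setup_db(stock):
    # Constructed schema: one product with the given stock, plus an orders table.
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    conn = _connect(path)
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, stock INTEGER NOT NULL)")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, product_id INTEGER, qty INTEGER)")
    conn.execute("INSERT INTO products (id, stock) VALUES (1, ?)", (stock,))
    conn.close()
    return path


def create_order_vulnerable(path, qty, barrier):
    # Read stock, decide, then write: nothing stops a second request from
    # reading the same pre-decrement value inside that window.
    conn = _connect(path)
    (stock,) = conn.execute("SELECT stock FROM products WHERE id = 1").fetchone()
    barrier.wait()  # both requests have passed the read before either writes
    if stock < qty:
        conn.close()
        return False
    conn.execute("UPDATE products SET stock = ? WHERE id = 1", (stock - qty,))
    conn.execute("INSERT INTO orders (product_id, qty) VALUES (1, ?)", (qty,))
    conn.close()
    return True


def create_order_atomic(path, qty, barrier):
    # Fix 1: the availability check is part of the UPDATE itself, so the
    # database evaluates check and decrement as one statement. The affected
    # row count tells the caller whether this request won the stock.
    conn = _connect(path)
    barrier.wait()
    cur = conn.execute(
        "UPDATE products SET stock = stock - ? WHERE id = 1 AND stock >= ?", (qty, qty)
    )
    ok = cur.rowcount == 1
    if ok:
        conn.execute("INSERT INTO orders (product_id, qty) VALUES (1, ?)", (qty,))
    conn.close()
    return ok


def create_order_locked_tx(path, qty, barrier):
    # Fix 2: a transaction that acquires the write lock up front (BEGIN
    # IMMEDIATE in SQLite, comparable to SELECT ... FOR UPDATE elsewhere),
    # so a competing request cannot read stock until this one commits.
    conn = _connect(path)
    barrier.wait()
    conn.execute("BEGIN IMMEDIATE")
    (stock,) = conn.execute("SELECT stock FROM products WHERE id = 1").fetchone()
    if stock < qty:
        conn.execute("ROLLBACK")
        conn.close()
        return False
    conn.execute("UPDATE products SET stock = ? WHERE id = 1", (stock - qty,))
    conn.execute("INSERT INTO orders (product_id, qty) VALUES (1, ?)", (qty,))
    conn.execute("COMMIT")
    conn.close()
    return True


def run_concurrent(handler, stock=1, requests=2, qty=1):
    # Fire `requests` checkouts at once; return (orders placed, stock left).
    path = setup_db(stock)
    barrier = threading.Barrier(requests, timeout=10)
    results = []
    threads = [
        threading.Thread(target=lambda: results.append(handler(path, qty, barrier)))
        for _ in range(requests)
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    conn = _connect(path)
    (orders,) = conn.execute("SELECT COUNT(*) FROM orders").fetchone()
    (left,) = conn.execute("SELECT stock FROM products WHERE id = 1").fetchone()
    conn.close()
    os.remove(path)
    return orders, left


if __name__ == "__main__":
    # Two buyers, one unit in stock: the vulnerable handler places two orders.
    print("vulnerable:", run_concurrent(create_order_vulnerable))  # (2, 0)
    print("atomic:    ", run_concurrent(create_order_atomic))      # (1, 0)
    print("locked tx: ", run_concurrent(create_order_locked_tx))   # (1, 0)
```

The atomic form is the cheaper fix when the rule is simply "stock must not go below zero": it needs no explicit transaction and works the same through raw SQL or an ORM that exposes the affected-row count. The locked-transaction form is the pattern the commit above describes and is the one to reach for when the order creation has to read several rows before deciding. Either way, a periodic query for products with negative stock, or for orders whose summed quantity exceeds what was ever in stock, is a useful after-the-fact check that the fix is holding.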