$ sudo docker run -ti -p 127.0.0.1:5000:5000 blabla1337/owasp-skf-lab:js-racecondition-file-write
Now that the app is running let's go hacking!
Reconnaissance
Step1
We can download a file from the server by doing a GET request to the server.
Let's try:
Once we download the file we can see whatever we add to the URL is being written in a file called shared-file.
Step 2
As the application suggests, there is a Race condition vulnerability in this app, let's try to find it.
If we look at the code we see that the application gets the query parameter, writes to a file called shared-file.txt, then opens the file and send it back as a response.