Task 172 (Closed): Race Condition in Cloud Subscription Endpoint Allows Un ...
Opened by: dav3n

Task Description

Summary:

Hello,

I have identified a critical race condition vulnerability on alwaysdata.com that allows any authenticated user to bypass account restrictions and provision unlimited 100MB free cloud instances.
This issue can be exploited using Burp Suite along with the Turbo Intruder extension, although other tools capable of concurrent requests may also be used.

Steps to Reproduce:

  1. Log into any valid user account on https://admin.alwaysdata.com.
  2. Make sure the account does not already own a 100MB free cloud instance.
  3. Start creating a new 100MB free cloud subscription via the interface.
  4. Intercept the request sent to the following endpoint:
 POST /admin/account/add/ HTTP/1.1
 Host: admin.alwaysdata.com

  5. Modify the name parameter by inserting %s, which Turbo Intruder will later replace using a wordlist.
  6. Configure Turbo Intruder to fire multiple concurrent requests to that endpoint using the modified payload:

 csrfmiddlewaretoken=<csrf>&name=%s&password=<yourpass>&location=datacenter_3&product=1&period=1mo&submit=

  7. Launch the Turbo Intruder attack.

You’ll observe multiple responses with a similar length (~270), which indicates that several cloud instances were successfully created concurrently.

Check your subscription list: you'll notice that multiple 100MB free clouds have been added, bypassing the expected 1-instance restriction.

Proof of Concept (Video):

https://youtu.be/GWuo8FdqC1s

Impact:

This vulnerability allows any authenticated user to:

  • Bypass subscription restrictions and claim multiple "free tier" services.
  • Abuse storage resources by stacking unlimited 100MB instances.
  • Impact the platform’s financial stability due to misuse of free offerings.
  • Overload infrastructure, potentially degrading performance or availability for other users.
  • Undermine alwaysdata’s business model, by rendering subscription limits ineffective.

In short, this vulnerability could be weaponized to consume massive amounts of storage at zero cost, with no rate limit or quota enforcement preventing abuse.

Recommendations: Implement server-side locking or atomic operations to prevent concurrent subscription creation.

Apply idempotency checks and enforce strict rate limiting.

Consider rejecting duplicate subscription requests at the application logic level, even under concurrent load.

Contact: If you need additional information, reproduction support, or testing help, feel free to reach out.

Best regards,
dav3n
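The recommendations above (server-side locking or atomic operations, and rejecting duplicate subscription requests even under concurrent load) boil down to one rule: the "does this account already have a free instance?" check and the insert must not be separable by another request. The following is an added example, not code from the report or from alwaysdata, that models the subscription table in memory and runs the check-then-insert pattern under concurrent callers twice: once with the race left open, once with the check and insert held under a per-account lock. The `SubscriptionStore` class, the product id constant and the account name are constructed for the example.

```python
import threading
import time
from collections import defaultdict

# Constructed value: the product id submitted for the free 100MB tier in the
# report's request body is product=1; reused here only as a label.
FREE_PRODUCT = 1


class SubscriptionStore:
    """In-memory stand-in for a subscriptions table (constructed for this example)."""

    def __init__(self):
        self._rows = []  # (account, product, instance_name)
        self._account_locks = defaultdict(threading.Lock)
        self._locks_guard = threading.Lock()

    def free_instances(self, account):
        """Rows for this account on the free tier."""
        return [r for r in self._rows if r[0] == account and r[1] == FREE_PRODUCT]

    def _insert(self, account, name):
        self._rows.append((account, FREE_PRODUCT, name))

    def create_free_instance_racy(self, account, name):
        """Vulnerable pattern: the existence check and the insert are two
        separate steps, so concurrent requests can all pass the check
        before any of them has written a row."""
        if self.free_instances(account):
            return False
        time.sleep(0.01)  # stands in for DB round-trips / billing calls between check and write
        self._insert(account, name)
        return True

    def _lock_for(self, account):
        with self._locks_guard:
            return self._account_locks[account]

    def create_free_instance_safe(self, account, name):
        """Hardened pattern: check and insert are performed while holding a
        lock scoped to the account, so at most one caller can observe
        'no free instance yet' and act on it."""
        with self._lock_for(account):
            if self.free_instances(account):
                return False
            time.sleep(0.01)
            self._insert(account, name)
            return True


def run_concurrent(store, create, account, n):
    """Fire n near-simultaneous create calls for one account and return how
    many free-tier rows the account ends up with."""
    barrier = threading.Barrier(n)  # release all workers at the same instant

    def worker(i):
        barrier.wait()
        create(account, f"cloud-{i}")

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(store.free_instances(account))


def demo(n=20):
    """Returns (rows created by the racy path, rows created by the safe path)."""
    racy_store = SubscriptionStore()
    racy_count = run_concurrent(racy_store, racy_store.create_free_instance_racy, "acct-1", n)
    safe_store = SubscriptionStore()
    safe_count = run_concurrent(safe_store, safe_store.create_free_instance_safe, "acct-1", n)
    return racy_count, safe_count


if __name__ == "__main__":
    racy, safe = demo()
    print(f"racy check-then-insert: {racy} free instances for one account")
    print(f"locked check-and-insert: {safe} free instance(s) for one account")
```

The in-process lock is only a stand-in: a web application runs many worker processes, so the real guarantee has to live in the database, for example a row lock on the account held across the check and the insert, or a unique constraint on (account, product) for the free tier that makes the duplicate insert fail rather than succeed. Either way the property to verify is the same one the example measures: under N concurrent requests, exactly one free instance exists afterwards.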
