Session Race Conditions and Session Puzzling – Now Simplified
The Hacker News
A few months ago Shay Chen, Senior Manager at Hacktics Advanced Security Center (HASC) published a paper about Session Puzzling, a new application level attack vector of critical severity and numerous uses, but for some bizarre reasons, most of the responses I got was that the attack was too complicated to comprehend all it once.

Temporal Session Race Conditions (TSRC) is yet another a new application level vulnerability (presented in September 15, 2011, in local OWASP chapter meeting) that extends the capabilities of session puzzling, enables the exploitation of race conditions without latency and provides a new purpose for application denial of service attack.

The attack generally extends the lifespan of temporary session variables (session calculations and assignments with a lifespan of milliseconds) by increasing the latency of the following lines of code through the use of specific layer targeted denial of service attacks.

This time Shay Chen have created several demonstration movies in order to properly explain the exposures (The new TSRC exposure and Session Puzzling), and in addition, published a presentation, a test assisting tool and a new version of the training kit.

The demonstration movies, presentation can be found in the puzzlemall project homepage, and there's a post in his blog that explains the whole subject:

The following movies demonstrate a few simple TSRC attacks:

The following short movies demonstrate a few simple session puzzling sequences

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.