Previous challenge Home
The vulnerability is Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
php
<?php
function incrementCounter() {
    $counterFile = 'counter.txt';
    $counterValue = file_get_contents($counterFile);
    $counterValue++;

    file_put_contents($counterFile, $counterValue);
}

incrementCounter();
?>
php To fix the vulnerability, we need to properly synchronize access to the shared resource, which is the 'counter.txt' file in this case. Rather than using file_get_contents and file_put_contents which can lead to race conditions, we should acquire an exclusive lock on the file (using flock) before reading or writing to it. This ensures that no other process can access the file while it is being worked on. After modifying the file, we should release the lock and close the file to allow other processes to acquire the lock and access the file.
php
<?php
// Assume this file is called race-condition-web-app.php.
require_once('vulnerable-code.php');
?>
<!DOCTYPE html>
<html>
    <head>
        <title>Race Condition Example</title>
    </head>
    <body>
        <h1>Counter</h1>
        <?php echo file_get_contents('counter.txt'); ?>
    </body>
</html>