@wanted1205
Last active October 20, 2022 21:12
INTIGRITI-Challenge

The goal of this challenge is to steal everyone's money, but there are some checks which need to be bypassed.

Code

An attacker can supply the victim's account number in the `from` POST parameter and their own account number in the `to` parameter, because there is no check verifying that the `from` account belongs to the requesting user.

But the transfer also has to be verified.

The catch here is that the application uses UUID version 1, which has a vulnerability that allows users to guess it ([CVE-2015-8851](https://nvd.nist.gov/vuln/detail/CVE-2015-8851)), so an attacker can even verify the transaction by guessing the UUID.

How is it possible?

UUIDs v1, also known as host-based or time-based UUIDs, are generated from several components. Take, for example, the following UUID v1: e034b584-7d89-11e9-9669-1aecf481a97b. A UUID v1 contains the following:

Version: The UUID's version in this example is the “1” shown in the grey text area, which makes the example a UUID v1.

Timestamp: A 60-bit value, representing the number of 100 nanosecond intervals since 15 October 1582 00:00:00.00.

Clock Sequence / Clock ID: A 14-bit value, originally initialized to a random value to minimize the correlation across systems (i.e., the initialization is only performed once in the lifetime of a system). In this example, it’s 1669. In the UUID itself, the first digit isn’t a 1 but a 9 because the most significant bit is also set, as mandated by the variant.

Node ID: The 48-bit MAC address of the “node” (that is, the computer generating the UUID). We can get it simply by making a request to transfer some amount and looking at the verification link we receive; it will be the same for everyone.

The only thing we still need is the timestamp, which we can get from the `Date` response header.
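
A defender-side check for the structure described above, added here as an example (it is not code from the challenge or from this gist): it decodes the fields a UUID v1 exposes, flags verification tokens built that way, and shows a CSPRNG-based replacement. The function names `decode_uuid_v1`, `audit_token` and `new_verification_token` are hypothetical.

```python
import secrets
import uuid
from datetime import datetime, timedelta, timezone

# Start of the Gregorian calendar, the epoch for UUID v1 timestamps.
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def decode_uuid_v1(token: str) -> dict:
    """Split a UUID v1 into the components listed in the text."""
    u = uuid.UUID(token)  # raises ValueError if token is not UUID-shaped
    if u.version != 1:
        raise ValueError("not a version 1 UUID")
    return {
        "version": u.version,
        # 60-bit count of 100 ns intervals since 1582-10-15
        "timestamp": u.time,
        "created_utc": GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10),
        # 14-bit value with the two variant bits masked off
        "clock_seq": u.clock_seq,
        # 48-bit node ID, printed in MAC address notation
        "node": ":".join(f"{b:02x}" for b in u.node.to_bytes(6, "big")),
    }


def audit_token(token: str) -> str:
    """Flag verification tokens that are time-based UUIDs."""
    try:
        f = decode_uuid_v1(token)
    except ValueError:
        return "ok: not a UUID v1"
    return (f"weak: UUID v1 created {f['created_utc']:%Y-%m-%d %H:%M:%S} UTC "
            f"on node {f['node']}, clock_seq 0x{f['clock_seq']:04x}")


def new_verification_token() -> str:
    """Hardened alternative: 256 bits from the OS CSPRNG."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    # The example UUID from the text, then a token from the replacement.
    print(audit_token("e034b584-7d89-11e9-9669-1aecf481a97b"))
    print(audit_token(new_verification_token()))
```

Every field the decoder recovers is either constant per server or derived from the clock, which is why a verification token should come from `secrets` (or at least `uuid.uuid4()`) and why the transfer endpoint must still check that the `from` account belongs to the session user.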
