The following movies demonstrate a few simple TSRC attacks:

Exploiting Temporal Session Race Conditions via Connection Pool Consumption:
[ame]http://www.youtube.com/watch?v=woWECWwrsSk[/ame]

Exploiting Temporal Session Race Conditions via RegEx DoS:
[ame]http://www.youtube.com/watch?v=3k_eJ1bcCro[/ame]


The following short movies demonstrate a few simple session puzzling sequences:

Authentication Bypass via Session Puzzling (Abusing common session variables):
[ame]http://www.youtube.com/watch?v=-DackF8HsIE[/ame]

User Impersonation via Session Puzzling (Abusing common session variables):
[ame]http://www.youtube.com/watch?v=ikIyInm0wAg[/ame]

Session Puzzling via Redirection Prevention (Abusing Premature Session Population):
[ame]http://www.youtube.com/watch?v=iTcOooHbgog[/ame]

Bypassing Restrictions in Multiphase Processes via Session Puzzling (Abusing Common Session Flags)
[ame]http://www.youtube.com/watch?v=HeP54b52IeQ[/ame]

Source: Apenas usuários registrados e ativados podem ver os links., Clique aqui para se cadastrar...

thx to Shay Chen @sectooladdict