Hello guys, Vedavyasan here👽✨. This is my first writeup on @Hacklido; thank you @admiralarjun for giving me the opportunity.

WHAT IS A NO RATE LIMIT VULNERABILITY?

No rate limit is a flaw where the server does not limit the number of attempts one can make against a website endpoint to extract data or trigger an action. It is a vulnerability that can prove critical when misused by attackers. REAL LIFE EXAMPLE of rate limiting done right: when you try to log in to your account and make 3–4 wrong attempts, your account gets suspended for some hours.
I identified this vulnerability on the Amazon create-an-account page.

After filling in all the fields I clicked the Continue button, and the next page was for verifying the email address through an OTP; it looked like this.

Then I clicked the resend OTP button and intercepted the request using Burp Suite.

I sent this request to intercept, selected my "email" as the parameter injection point, pasted the email into the payload list 50 times and started the attack.

There it is…!
This type of attack can result in financial loss for you, and it can also slow down your services and consume a large amount of storage in the sent-mail folder. If users are affected by this vulnerability they may stop using your services, which can lead to business risk.
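To make the fix concrete, here is an added example (my own toy code, not Amazon's implementation and not part of the original writeup) of a resend-OTP endpoint with and without a per-email sliding-window limit. The policy numbers (3 resends per 10 minutes, then a 1-hour cool-down), the class and function names, and the `FakeClock` used to drive time are all assumptions made for the demonstration; the `replay_burst` helper replays the kind of 50-request burst described above so the two behaviours can be compared.

```python
import time
from collections import defaultdict, deque

# Constructed policy values (assumptions for this example, not from the writeup).
MAX_RESENDS = 3          # OTP resends allowed per email inside the window
WINDOW_SECONDS = 600     # 10-minute sliding window
LOCKOUT_SECONDS = 3600   # cool-down applied once the budget is exhausted


class FakeClock:
    """Controllable clock so the example runs deterministically offline."""

    def __init__(self, start=0.0):
        self.t = start

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class OtpResendService:
    """Hypothetical 'resend OTP' endpoint.

    rate_limited=False reproduces the flaw in the writeup (every request sends
    a mail); rate_limited=True applies a per-email sliding window plus lockout.
    """

    def __init__(self, rate_limited=True, clock=time.monotonic):
        self.rate_limited = rate_limited
        self.clock = clock
        self.history = defaultdict(deque)   # email -> timestamps of recent resends
        self.locked_until = {}              # email -> time the lockout expires
        self.emails_sent = []               # stand-in for the outbound mail queue
        self.blocked_events = []            # what you would ship to detection/alerting

    def resend_otp(self, email):
        now = self.clock()
        if self.rate_limited:
            # 1. Honour an active lockout before doing any work.
            until = self.locked_until.get(email, 0)
            if now < until:
                self.blocked_events.append((email, now))
                return {"status": "rate_limited", "retry_after": int(until - now)}

            # 2. Forget resends that have aged out of the sliding window.
            window = self.history[email]
            while window and now - window[0] > WINDOW_SECONDS:
                window.popleft()

            # 3. Budget exhausted: lock the email out, record it, send nothing.
            if len(window) >= MAX_RESENDS:
                self.locked_until[email] = now + LOCKOUT_SECONDS
                window.clear()
                self.blocked_events.append((email, now))
                return {"status": "rate_limited", "retry_after": LOCKOUT_SECONDS}

            window.append(now)

        # Unlimited (vulnerable) or still within budget: the mail goes out.
        self.emails_sent.append(email)
        return {"status": "sent"}


def replay_burst(service, email, requests=50):
    """Replay a 50-request burst like the one in the writeup; return mails sent."""
    results = [service.resend_otp(email) for _ in range(requests)]
    return sum(1 for r in results if r["status"] == "sent")


if __name__ == "__main__":
    victim = "victim@example.com"   # constructed sample address
    vulnerable = OtpResendService(rate_limited=False, clock=FakeClock())
    hardened = OtpResendService(rate_limited=True, clock=FakeClock())
    print("unlimited endpoint sent:", replay_burst(vulnerable, victim))
    print("rate-limited endpoint sent:", replay_burst(hardened, victim))
    print("blocked requests logged:", len(hardened.blocked_events))
```

Keying the window on the email address (and, in a real deployment, on the client IP and account as well) is what stops one mailbox being flooded; the `blocked_events` list stands in for the log line a SOC would alert on, since a burst of lockouts against many addresses is itself a useful signal that someone is probing the endpoint.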