Vulnerability Finding No Rate Limit On File Upload

Rama Wijaya Shiddiq
2 min read · Sep 3, 2023

Hi everyone,

Here I want to share my experience of finding a vulnerability in the product website example.com (the real site name is disguised).

  1. First, access the website.
  2. Upload a PDF or DOCX file.
  3. Intercept the request to the API/V1/Upload endpoint with Burp Suite. The endpoint is found by using the site's Dropbox feature for uploading files.
  4. Send the captured request to the Repeater feature in Burp Suite.
  5. Send as many requests as possible and watch for a static response.
  6. When the same file is sent repeatedly, the response stays the same except for a different file name each time, as shown in the following image.

Here I ran two trials, uploading a PDF file and a DOCX file.

And the following is for the DOCX file.

This vulnerability can fill up the server's storage, because there is no limit on uploading the same file over and over again.
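One way to mitigate the behaviour described above, added here as an example and not code from the original post or from the affected site: a per-client sliding-window limit on the upload endpoint, combined with content-hash deduplication so that re-sending the same bytes cannot grow storage. The handler name, the client identifier, the policy of 5 uploads per 60 seconds, and the sample file bytes are all assumptions constructed for this demo.

```python
import hashlib
from collections import deque
from typing import Deque, Dict, List, Tuple

# Policy values are assumptions for this example, not from the original post.
MAX_UPLOADS_PER_WINDOW = 5
WINDOW_SECONDS = 60.0

# Constructed sample payload standing in for a real PDF upload.
SAMPLE_PDF = b"%PDF-1.4 constructed sample"


class UploadRateLimiter:
    """Sliding-window limiter: at most `limit` accepted uploads per client
    within any `window` seconds. Timestamps are injected so the logic is
    deterministic and testable."""

    def __init__(self, limit: int = MAX_UPLOADS_PER_WINDOW, window: float = WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self._events: Dict[str, Deque[float]] = {}

    def allow(self, client_id: str, now: float) -> bool:
        q = self._events.setdefault(client_id, deque())
        # Drop timestamps that have fallen out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class DedupStore:
    """Content-addressed store: identical bytes are stored once, so repeating
    the same upload cannot consume additional storage."""

    def __init__(self) -> None:
        self.blobs: Dict[str, bytes] = {}

    def put(self, data: bytes) -> Tuple[str, bool]:
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.blobs:
            return digest, False          # already present, nothing written
        self.blobs[digest] = data
        return digest, True

    def bytes_used(self) -> int:
        return sum(len(b) for b in self.blobs.values())


def handle_upload(limiter: UploadRateLimiter, store: DedupStore,
                  client_id: str, data: bytes, now: float) -> Tuple[int, dict]:
    """Hypothetical /api/v1/upload handler: returns (HTTP status, JSON body)."""
    if not limiter.allow(client_id, now):
        return 429, {"error": "rate limit exceeded"}
    digest, created = store.put(data)
    status = 201 if created else 200
    return status, {"id": digest, "deduplicated": not created}


def simulate_repeated_upload(n: int = 8) -> Tuple[List[int], int]:
    """Replay the scenario from the post: one client sends the same file n
    times, one second apart. Returns the status codes and the bytes stored."""
    limiter = UploadRateLimiter()
    store = DedupStore()
    statuses = [
        handle_upload(limiter, store, "client-A", SAMPLE_PDF, now=1000.0 + i)[0]
        for i in range(n)
    ]
    return statuses, store.bytes_used()


if __name__ == "__main__":
    codes, used = simulate_repeated_upload()
    print("status codes:", codes)       # first 201, then 200 (dedup), then 429
    print("bytes stored:", used)        # one copy of the file, regardless of n
```

With the assumed policy, the first upload is stored (201), the next four are accepted but deduplicated (200), and everything after the fifth request in the window is rejected (429); storage never grows beyond one copy of the file. In a real deployment the limiter state would live in a shared store such as Redis rather than in process memory, and the client key would be the authenticated user rather than a raw IP.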

Thanks All
