Vulnerability Finding No Rate Limit at Forgot Password
Hi everyone,
Here I want to share my experience of finding a vulnerability on the website example.com (the real site's name is disguised).
1. First, open the website example.com and click "forgot password".
2. Enter a username in the form of a NIK (national ID number) in the form provided, then intercept the request with Burp Suite.
3. Send the intercepted request to Intruder, set a payload of 1–100, and wait for the responses.
The result: the account registered on example.com that was targeted through forgot password was flooded with 100 password-reset spam emails.
This vulnerability can harm users of the service, because an attacker can use it to flood a victim's inbox continuously.
That's my experience finding this vulnerability; sorry if anything is still unclear, once again I'm just sharing my experience.
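As an added example (not part of the original write-up), this is the kind of server-side control that would have stopped the Intruder run described above: a sliding-window limit on password-reset requests, keyed both by the targeted account and by the requesting IP, with a uniform response so the limit itself leaks nothing. The limits, the NIK and the IP address are constructed values.

```python
import time
from collections import defaultdict, deque

# Constructed limits for this example: at most 3 reset e-mails per account and
# at most 10 reset requests per source IP within any 10-minute window.
WINDOW_SECONDS = 600
MAX_PER_ACCOUNT = 3
MAX_PER_IP = 10


class ResetRateLimiter:
    """Sliding-window counter keyed by target account and by source IP."""

    def __init__(self, now=time.monotonic):
        self._now = now
        self._hits = defaultdict(deque)  # key -> timestamps of recent requests

    def _count(self, key, now):
        q = self._hits[key]
        while q and now - q[0] > WINDOW_SECONDS:  # drop entries outside the window
            q.popleft()
        return len(q)

    def allow(self, account_id, source_ip):
        now = self._now()
        if (self._count(("acct", account_id), now) >= MAX_PER_ACCOUNT
                or self._count(("ip", source_ip), now) >= MAX_PER_IP):
            return False
        self._hits[("acct", account_id)].append(now)
        self._hits[("ip", source_ip)].append(now)
        return True


def handle_forgot_password(limiter, account_id, source_ip, send_email):
    """Same generic message whether or not mail was sent, so the response
    reveals neither rate-limit state nor whether the account exists."""
    if limiter.allow(account_id, source_ip):
        send_email(account_id)
    return "If that account exists, a reset link has been sent."


def simulate_intruder_run(n_requests=100):
    """Replays the write-up's scenario: n reset requests for one (constructed)
    NIK from one IP. Returns how many e-mails actually reached the inbox."""
    sent = []
    limiter = ResetRateLimiter()
    for _ in range(n_requests):
        handle_forgot_password(limiter, "1234567890123456", "203.0.113.7", sent.append)
    return len(sent)
```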
Thanks All