CWE-400: Uncontrolled Resource Consumption
Rate-Limit-Bypass
Append %00 to the end of the email parameter in Intruder whenever a 429 comes back; if that fails, try %2e, %0d or %0a (the server keys the limit on the raw string, so a trailing encoded byte looks like a new account):
%00
%2e
%0d
%0a
Add an X-Forwarded-For: 127.0.0.1 header (works when the limiter reads the client address from that header instead of the real source IP, and vary the value if one spoofed address gets limited too):
X-Forwarded-For: 127.0.0.1
If the limit is keyed on the source IP, use the IP Rotate Burp extension (it routes each request through AWS API Gateway so the source IP changes per request).
Signup form → capture the POST request that creates the user → send to Intruder → put the payload position on the +N tag of h0tak88r+1000@bugcrowdninja.com (plus-addressed aliases are delivered to the one inbox, so every "new" account lands in your mailbox) → create more than 400 accounts → report it
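Why the tricks above work: a limiter that counts on the raw email string and on whatever X-Forwarded-For says will treat victim@example.com%00, victim@example.com%2e and a spoofed 127.0.0.1 as fresh keys. The script below is an added example (not code from the original notes or from any real product): it models a naive limiter next to a hardened one that counts per real socket address and per canonical email, then replays the OTP-flood and mass-signup moves against both. The LIMIT value, the request/limiter classes, the "strip the +tag" canonicalization policy and the IP addresses are all assumptions made for the demo.

```python
"""Rate-limit bypass model: naive limiter (raw email + trusted XFF) versus
a hardened one (real client IP + canonical email). Constructed example."""
from collections import defaultdict
from dataclasses import dataclass, field
from urllib.parse import unquote

SUFFIXES = ["%00", "%2e", "%0d", "%0a"]   # encoded bytes from the notes above
LIMIT = 5                                  # attempts allowed per key (assumed)


@dataclass
class Request:
    email: str                                  # raw value of the email parameter
    client_ip: str                              # address the TCP connection came from
    headers: dict = field(default_factory=dict)  # request headers (attacker-controlled)


def suffix_variants(email: str) -> list[str]:
    """Return the email with each encoded byte appended, e.g. 'a@b.com%00'."""
    return [email + s for s in SUFFIXES]


def plus_variants(email: str, count: int) -> list[str]:
    """Plus-addressed aliases (user+1@.., user+2@..) that providers deliver to one inbox."""
    local, domain = email.rsplit("@", 1)
    return [f"{local}+{i}@{domain}" for i in range(1, count + 1)]


def canonical_email(raw: str) -> str:
    """Percent-decode, drop NUL/CR/LF, trim trailing dots, lowercase, strip the
    +tag (assumed policy: treat aliases as one identity for limiting purposes)."""
    s = unquote(raw)
    s = "".join(ch for ch in s if ch.isprintable()).strip().rstrip(".").lower()
    local, _, domain = s.partition("@")
    return f"{local.split('+', 1)[0]}@{domain}"


class NaiveLimiter:
    """Keys on (X-Forwarded-For or client IP, raw email): both halves are attacker-controlled."""
    def __init__(self):
        self.hits = defaultdict(int)

    def allow(self, req: Request) -> bool:
        ip = req.headers.get("X-Forwarded-For", req.client_ip)  # trusts any client header
        self.hits[(ip, req.email)] += 1
        return self.hits[(ip, req.email)] <= LIMIT


class HardenedLimiter:
    """Independent counters per real client IP and per canonical email; XFF is ignored
    (assumes no trusted proxy in front; otherwise honor XFF only from that proxy)."""
    def __init__(self):
        self.by_ip = defaultdict(int)
        self.by_email = defaultdict(int)

    def allow(self, req: Request) -> bool:
        email = canonical_email(req.email)
        self.by_ip[req.client_ip] += 1
        self.by_email[email] += 1
        return self.by_ip[req.client_ip] <= LIMIT and self.by_email[email] <= LIMIT


def otp_flood(limiter, target="victim@example.com", attacker_ip="198.51.100.7") -> int:
    """Replay the cheat-sheet moves against an OTP/email-triggering endpoint:
    plain retries, then encoded suffixes, then a spoofed XFF. Returns accepted sends."""
    attempts = [Request(target, attacker_ip) for _ in range(LIMIT + 1)]
    for variant in suffix_variants(target):
        attempts += [Request(variant, attacker_ip) for _ in range(LIMIT)]
    attempts += [Request(target, attacker_ip, {"X-Forwarded-For": "127.0.0.1"})
                 for _ in range(LIMIT)]
    return sum(1 for r in attempts if limiter.allow(r))


def mass_signup(limiter, base="h0tak88r@bugcrowdninja.com", n=400, ip="198.51.100.7") -> int:
    """Register n plus-addressed aliases from one IP; returns how many got through."""
    return sum(1 for e in plus_variants(base, n) if limiter.allow(Request(e, ip)))


if __name__ == "__main__":
    print("OTP flood   naive/hardened:", otp_flood(NaiveLimiter()), otp_flood(HardenedLimiter()))
    print("mass signup naive/hardened:", mass_signup(NaiveLimiter()), mass_signup(HardenedLimiter()))
```

Against the naive limiter the flood gets 30 OTP sends through (5 plain, 5 per encoded suffix, 5 more via the spoofed header) and all 400 signups succeed; the hardened limiter stops both at 5, because every variant collapses to the same canonical email and the same real source IP. When you report, the number of accepted requests per variant is the evidence to include.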
Techniques For Bypassing Rate Limiting on OTP/2FA Endpoints | LinkedIn
Bugcrowd VRT classification:
P4
Server Security Misconfiguration > No Rate Limiting on Form > Registration
Server Security Misconfiguration > No Rate Limiting on Form > Login
Server Security Misconfiguration > No Rate Limiting on Form > Email-Triggering
Server Security Misconfiguration > No Rate Limiting on Form > SMS-Triggering
P5
Server Security Misconfiguration > No Rate Limiting on Form > Change Password