🧑Whoami
🕸️Web-AppSec
✉️API-Sec
📱Android-AppSec
📶Network-Sec
💻Desktop AppSec
- Thin Client vs. Thick Client
☁️Cloud Sec
👨‍💻Programming
🖥️Operating Systems
✍️Write-Ups

Powered by GitBook

On this page

Was this helpful?

🕸️Web-AppSec

No Rate Limit

CWE-400: Uncontrolled Resource Consumption

Rate-Limit-Bypass
add %00 at the end of mail in intruder whenever error 429 comes Or %2e,%0d ,%0a
add X-Forwarded-For: 127.0.0.1
If rate limit is based on ip use ip rotator burp extention
signupt form → catch post req for adding users → send to intruder → h0tak88r+1000@bugcrowdninja.com→ make more than 400 accs → report it
(21) Techniques For Bypassing Rate Limiting on OTP/2FA Endpoints | LinkedIn

P4

Server Security Misconfiguration > No Rate Limiting on Form > Registration
Server Security Misconfiguration > No Rate Limiting on Form > Login
Server Security Misconfiguration > No Rate Limiting on Form > Email-Triggering
Server Security Misconfiguration > No Rate Limiting on Form > SMS-Triggering P5
Server Security Misconfiguration > No Rate Limiting on Form > Change Password

PreviousLFI to RCE NextParameters Manual Testing

Last updated 1 year ago

Was this helpful?