🕵️ Stripo Inc: No rate limiting for confirmation email leads to huge mass mailings
News section: 🕵️ Security vulnerabilities
🔗 Source: vulners.com
This report is based on #997070.

Issue Description
No rate limit means there is no mechanism to protect against requests you make in a short frame of time. If the repetition doesn't give any error after 50, 100, 1000 repetitions, then there is no rate limit set. Vulnerabilities of this type have been registered in #297359, #774050, #922470.

URL Affected
https://my.stripo.email

Step-by-step Reproduction Instructions
1. Go to the URL https://my.stripo.email/
2. Create an account.
3. Click "Resend Email for Confirmation" and repeat the request in Burp Suite.
4. Send the request to Burp Intruder and clear all payload positions (§).
5. In the payloads, set null payloads and run Intruder.
6. 500+ requests are sent to the victim email.

Request
POST /messenger/web/metrics HTTP/1.1
Host: api-iam.intercom.io
Connection: close
Content-Length: 1055
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: /
Origin: https://my.stripo.email
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9... ...
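The missing control the report describes, as an added example that is not part of the original report or of Stripo's code: a sliding-window limiter for the "resend confirmation email" action, keyed both per account and per source IP, so a burst like the 500-request Intruder run above yields only a handful of emails and the rest are refused and can be logged. Class names, limits and the simulated burst are assumptions made for the illustration.

```python
import time
from collections import defaultdict, deque

# Assumed policy: at most 3 resends per account per hour, and at most 20 per
# source IP per hour so that rotating through fresh accounts does not bypass it.
PER_ACCOUNT_LIMIT, PER_IP_LIMIT, WINDOW_SECONDS = 3, 20, 3600


class ResendLimiter:
    """Sliding-window counter: keeps timestamps of accepted resends per key."""

    def __init__(self):
        self._hits = defaultdict(deque)

    def _window(self, key, now):
        q = self._hits[key]
        # Discard timestamps that have aged out of the window.
        while q and now - q[0] >= WINDOW_SECONDS:
            q.popleft()
        return q

    def resend_confirmation(self, account_id, client_ip, now=None):
        """Return True if a confirmation email should be sent, False if throttled."""
        now = time.time() if now is None else now
        by_account = self._window(("account", account_id), now)
        by_ip = self._window(("ip", client_ip), now)
        if len(by_account) >= PER_ACCOUNT_LIMIT or len(by_ip) >= PER_IP_LIMIT:
            return False  # throttled: no mail is sent; a real service would log this
        # Record only after both checks pass so a refused request does not count.
        by_account.append(now)
        by_ip.append(now)
        return True


def simulate_intruder_burst(n_requests=500, account_id="victim-account",
                            client_ip="203.0.113.7"):
    """Constructed scenario mirroring the report: n identical resend requests
    arriving 10 ms apart. Returns (emails_sent, requests_throttled)."""
    limiter = ResendLimiter()
    sent = 0
    for i in range(n_requests):
        if limiter.resend_confirmation(account_id, client_ip, now=1_000_000 + i * 0.01):
            sent += 1
    return sent, n_requests - sent
```

With the assumed limits the burst sends 3 emails and throttles 497; raising the per-IP cap or dropping the per-IP key is what lets an attacker with many accounts keep mailing one victim.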