🕵️ Stripo Inc: No rate limiting - Create data
News section: 🕵️ Vulnerabilities
🔗 Source: vulners.com
Summary: Hello team Stripo, how are you? I found a rate limit for data creation.

Target = https://my.stripo.email/cabinet/#/my-services/298427?tab=data-sources

Request to Post:

```
POST /emailformdata/v1/amp-lists?projectId= HTTP/1.1
Host: my.stripo.email
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=UTF-8
Cache-Control: no-cache
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-XSRF-TOKEN: 3ef1a2b8-f640-457b-bac8-1d629d0f9498
Content-Length: 198
Origin: https://my.stripo.email
Connection: close
Referer: https://my.stripo.email/cabinet/
Cookie: amplitude_id_246810a6e954a53a140e3232aac8f1a9stripo.email=eyJkZXZpY2VJZCI6ImU1NjAwZjk3LTFiY2QtNDIzOS1iZTczLWNmNWVhYmMzMTJkZFIiLCJ1c2VySWQiOm51bGwsIm9wdE91dCI6ZmFsc2UsInNlc3Npb25JZCI6MTYwNjc0NjU3NzcwMCwibGFzdEV2ZW50VGltZSI6MTYwNjc0Njg1ODg3OCwiZXZlbnRJZCI6MCwiaWRlbnRpZnlJZCI6MCwic2VxdWVuY2VOdW1iZXIiOjB9; pin_unauth=dWlkPU1UUTFZemczWlRFdE1HSXdOeTAwT1Rrd0xUbGxNVEl0TWpBeE16WmpZVE00WlRZNA; _ga=GA1.2.730792257.1605012362; _pin_unauth=dWlkPU1UUTFZemczWlRFdE1HSXdOeTAwT1Rrd0xUbGxNVEl0TWpBeE16WmpZVE00WlRZNA; G_ENABLED_IDPS=google; __stripe_mid=e5538cc4-3896-4b96-b703-711ef38535d3313b41; _ga=GA1.3.730792257.1605012362; _gid=GA1.2.1102057235.1606746578; __stripe_sid=fcbc15d6-fe33-41ca-bd12-ad2a6fd80eb5a7fc3c;...
```

...