Lädt...

🕵️ Stripo Inc: No rate limiting - Create data


Nachrichtenbereich: 🕵️ Sicherheitslücken
🔗 Quelle: vulners.com


image
Summary: Hello team Stripo, how are you? I found a rate limit for data creation. Target = https://my.stripo.email/cabinet/#/my-services/298427?tab=data-sources Request to Post: ``` POST /emailformdata/v1/amp-lists?projectId= HTTP/1.1 Host: my.stripo.email User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/json;charset=UTF-8 Cache-Control: no-cache Pragma: no-cache Expires: Sat, 01 Jan 2000 00:00:00 GMT X-XSRF-TOKEN: 3ef1a2b8-f640-457b-bac8-1d629d0f9498 Content-Length: 198 Origin: https://my.stripo.email Connection: close Referer: https://my.stripo.email/cabinet/ Cookie: amplitude_id_246810a6e954a53a140e3232aac8f1a9stripo.email=eyJkZXZpY2VJZCI6ImU1NjAwZjk3LTFiY2QtNDIzOS1iZTczLWNmNWVhYmMzMTJkZFIiLCJ1c2VySWQiOm51bGwsIm9wdE91dCI6ZmFsc2UsInNlc3Npb25JZCI6MTYwNjc0NjU3NzcwMCwibGFzdEV2ZW50VGltZSI6MTYwNjc0Njg1ODg3OCwiZXZlbnRJZCI6MCwiaWRlbnRpZnlJZCI6MCwic2VxdWVuY2VOdW1iZXIiOjB9; pin_unauth=dWlkPU1UUTFZemczWlRFdE1HSXdOeTAwT1Rrd0xUbGxNVEl0TWpBeE16WmpZVE00WlRZNA; _ga=GA1.2.730792257.1605012362; _pin_unauth=dWlkPU1UUTFZemczWlRFdE1HSXdOeTAwT1Rrd0xUbGxNVEl0TWpBeE16WmpZVE00WlRZNA; G_ENABLED_IDPS=google; __stripe_mid=e5538cc4-3896-4b96-b703-711ef38535d3313b41; _ga=GA1.3.730792257.1605012362; _gid=GA1.2.1102057235.1606746578; __stripe_sid=fcbc15d6-fe33-41ca-bd12-ad2a6fd80eb5a7fc3c;... ...

🕵️ Stripo Inc: Unrestricted File Upload on https://my.stripo.email and https://stripo.email


📈 75.16 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: [www.stripo.email] There is no rate limit for contact-us endpoints


📈 65.62 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: No rate limiting for confirmation email lead to huge Mass mailings


📈 61.2 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: No rate limiting for subscribe email + lead to Cross origin misconfiguration


📈 61.2 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: No Rate Limiting on /reset-password-request/ endpoint


📈 61.2 Punkte
🕵️ Sicherheitslücken

🔧 What is Rate Limiting? Exploring the Role of Rate Limiting in Protecting Web APIs from Attacks


📈 58.98 Punkte
🔧 Programmierung

🕵️ Stripo Inc: Strored Xss on https://my.stripo.email/ ( multiple inputs)


📈 53.44 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: Tabnabbing in template comments - stripo.email


📈 53.44 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: stripo blog search SQL Injection


📈 53.44 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: subdomain takeover at status-stage0.stripo.email


📈 53.44 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: Clickjacking on my.stripo.email for MailChimp credentials


📈 53.44 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: subdomain takeover at status0.stripo.email


📈 53.44 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: Non-revoked API Key Disclosure in a Disclosed API Key Disclosure Report on Stripo


📈 53.44 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: CORS on my.stripo.email


📈 53.44 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: No rate limit in email subscription


📈 43.9 Punkte
🕵️ Sicherheitslücken

🔧 Overcoming Hard Rate Limits: Efficient Rate Limiting with Token Bucketing and Redis


📈 41.67 Punkte
🔧 Programmierung

🕵️ Stripo Inc: CSRF - Modify Project Settings


📈 31.71 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: Stored XSS in template comments.


📈 31.71 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: Information disclosure through Server side resource forgery


📈 31.71 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: No length on password


📈 31.71 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: Stored XSS at Module Name


📈 31.71 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: OLD SESSION DOES NOT EXPIRE AFTER PASSWORD CHANGE


📈 31.71 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: Stored XSS at Template Editor in "Section Name" Field of Block element 'Accordion'.


📈 31.71 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: Password token leak via Host header


📈 31.71 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: Permanent DOS for new users!


📈 31.71 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: Redirection through referer tag


📈 31.71 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: SSRF external interaction


📈 31.71 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: SSRF in /cabinet/stripeapi/v1/siteInfoLookup?url=XXX


📈 31.71 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: weak password poilicy in signup password leak to account takeover


📈 31.71 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: Able to change password by entering wrong old password


📈 31.71 Punkte
🕵️ Sicherheitslücken

🕵️ Stripo Inc: Public and secret api key leaked in JavaScript source


📈 31.71 Punkte
🕵️ Sicherheitslücken

matomo