Amazon vulnerability that can flood user’s mailbox.
Hello guys, Vedavyasan here👽✨.
WHAT IS A NO RATE LIMIT VULNERABILITY?
No rate limit is a flaw where the server does not limit the number of attempts a client can make against an endpoint (to extract data, send messages, guess codes, and so on). It can prove critical when misused by attackers. REAL LIFE EXAMPLE: when you try to log in to your account and enter the wrong password 3–4 times, your account gets suspended for some hours; that is rate limiting at work.
I identified this vulnerability on the Amazon "Create account" page.
After filling in all the fields I clicked the Continue button; the next page was for verifying the email address through an OTP, and it looked like this.
Then I clicked the "Resend OTP" button and intercepted the request using Burp Suite.
I sent this request to Intruder, selected my "email" as the injection parameter, pasted the email into the payload list 50 times and started the attack.
BOOOM…….!
there it is…!
IMPACT:
This type of attack can result in financial loss (every OTP mail costs money to send), can slow down your services, and can consume a large amount of storage in sent mail. Users who are hit by this vulnerability may stop using your services, which is a business risk.
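The fix on the server side is to rate-limit the resend endpoint itself. The following is an added example, not Amazon's code: a small rate limiter for a "resend OTP" handler that applies a per-address cooldown, a per-address hourly cap and a per-client-IP hourly cap, and a replay helper that shows how many of a burst of 50 requests would actually result in a mail. The limits (30 s cooldown, 5 per address per hour, 20 per IP per hour), the e-mail addresses and the IP address are assumed values constructed for the illustration.

```python
"""Rate limiting for an OTP "resend" endpoint.

Added example (not Amazon's code). Assumed policy, constructed for illustration:
  - at most one resend every 30 s per e-mail address (cooldown)
  - at most 5 resends per e-mail address per hour (sliding window)
  - at most 20 resends per client IP per hour, across all addresses
A real deployment keeps these counters in a shared store (e.g. Redis) instead
of process memory, so the limit holds across all web nodes.
"""
from collections import Counter, defaultdict, deque
from dataclasses import dataclass, field
from typing import Deque, Dict, Iterable, Tuple


@dataclass
class Limit:
    max_events: int        # events allowed inside the window
    window_seconds: float  # sliding-window length


@dataclass
class ResendOtpLimiter:
    cooldown_seconds: float = 30.0
    per_email: Limit = field(default_factory=lambda: Limit(5, 3600.0))
    per_ip: Limit = field(default_factory=lambda: Limit(20, 3600.0))
    # timestamps of *accepted* resends, keyed by normalised address / by IP
    _email_hits: Dict[str, Deque[float]] = field(default_factory=lambda: defaultdict(deque))
    _ip_hits: Dict[str, Deque[float]] = field(default_factory=lambda: defaultdict(deque))

    @staticmethod
    def _prune(hits: Deque[float], now: float, window: float) -> None:
        """Drop timestamps that have fallen out of the sliding window."""
        while hits and now - hits[0] >= window:
            hits.popleft()

    def check(self, email: str, ip: str, now: float) -> Tuple[bool, str]:
        """Return (allowed, reason). Only allowed requests count towards limits,
        so a rejected burst cannot lock the legitimate user out for longer."""
        email = email.strip().lower()  # normalise so case variants share one bucket
        e_hits = self._email_hits[email]
        ip_hits = self._ip_hits[ip]
        self._prune(e_hits, now, self.per_email.window_seconds)
        self._prune(ip_hits, now, self.per_ip.window_seconds)

        if e_hits and now - e_hits[-1] < self.cooldown_seconds:
            return False, "cooldown"
        if len(e_hits) >= self.per_email.max_events:
            return False, "email_hourly_limit"
        if len(ip_hits) >= self.per_ip.max_events:
            return False, "ip_hourly_limit"

        e_hits.append(now)
        ip_hits.append(now)
        return True, "sent"


def replay(limiter: ResendOtpLimiter,
           requests: Iterable[Tuple[float, str, str]]) -> Counter:
    """Feed (timestamp, email, ip) requests through the limiter and count outcomes."""
    outcomes: Counter = Counter()
    for now, email, ip in requests:
        _, reason = limiter.check(email, ip, now)
        outcomes[reason] += 1
    return outcomes


if __name__ == "__main__":
    # Constructed sample: 50 resend requests fired 100 ms apart for one
    # address from one IP, the shape of the Intruder attack in the write-up.
    burst = [(i * 0.1, "victim@example.com", "203.0.113.5") for i in range(50)]
    print(replay(ResendOtpLimiter(), burst))  # one mail sent, 49 blocked by cooldown
```

Returning a reason string lets the handler log the rejection (the `cooldown` and `*_hourly_limit` counters are a useful detection signal for this kind of flood) while still answering the client with a generic "try again later" message.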
Reported: October 2, 2022
Status: Duplicate
So this is all about this write-up, hope you liked it, if you found this informative, do not forget to clap👏 and do let me know if you have any doubts✌️.
Thanks For Reading😊
Profile links:
https://www.instagram.com/ved4vyasan/