Rate limit bug

apoorva | Last updated: Jul 10, 2019 11:16AM UTC

Attackers can replay the mail-send request for email (customer registrations) to generate the emails multiple times to any valid email ID. Absence of rate limits can lead to the attacker flooding the application with spurious requests.

Burp User | Last updated: Jul 10, 2019 11:17AM UTC

Recommendations: Implement backend verification/input validation to enforce rate limits on critical functions such as notification mechanisms like email or OTPs (as applicable).
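As an added illustration of the recommended fix (example code, not from the thread or from PortSwigger): a sliding-window rate limiter applied to a hypothetical registration-email endpoint, keyed both by recipient address (so one inbox cannot be flooded) and by client IP (so one source cannot replay the request at volume). The endpoint, limits and clock injection are assumptions for the example.

```python
import time
from collections import deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock          # injectable so tests can control time
        self._events = {}           # key -> deque of event timestamps

    def allow(self, key):
        now = self.clock()
        q = self._events.setdefault(key, deque())
        # Drop timestamps that have fallen out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False            # over limit: caller should reject and log
        q.append(now)
        return True


class RegistrationMailer:
    """Hypothetical registration-email endpoint guarded by two limiters."""

    def __init__(self, clock=time.monotonic):
        # Per recipient: a replayed request cannot flood one victim's inbox.
        self.per_recipient = SlidingWindowLimiter(3, 3600, clock)
        # Per client IP: a single source cannot replay the request at volume.
        self.per_source = SlidingWindowLimiter(20, 3600, clock)
        self.sent = []              # stand-in for the real mail transport

    def send_registration_email(self, recipient, client_ip):
        # Normalise so "Victim@Example.com " and "victim@example.com" share a bucket.
        recipient = recipient.strip().lower()
        if not self.per_source.allow(client_ip):
            return "rejected: source rate limit"
        if not self.per_recipient.allow(recipient):
            return "rejected: recipient rate limit"
        self.sent.append(recipient)
        return "sent"
```

The limiter state here is in-process memory; a load-balanced deployment would keep the same counters in a shared store so a replayed request cannot dodge the limit by landing on a different backend.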

Liam, PortSwigger Agent | Last updated: Jul 10, 2019 01:26PM UTC

Our bug bounty program is detailed on our blog: https://portswigger.net/blog/portswigger-bug-bounty-program. Do be sure to read the scope rules.

