Hello everyone, I’m Kerstan.
Today is Bug Bounty Tuesday, and I will share with you how a rate-limit bypass led to an account takeover.
So, let’s dive right in.
In a private bug bounty program, when a password reset was initiated, users were asked to enter a six-digit numeric code sent to their email for verification.
To deter brute-force attacks, the application had rate-limit protection, limiting the number of requests a user could make within a specific time frame. If this limit was exceeded, the system returned a 429 Too Many Requests error.
However, the rate-limit protection could be bypassed by sending two X-Forwarded-For headers in the request:
```http
POST /reset HTTP/2
Host: example.com
X-Forwarded-For: 1.1.1.1
X-Forwarded-For: 2.2.2.2
```
By changing the IP address in the second X-Forwarded-For header on each request, the rate limit no longer applied, and it became possible to try code after code until the correct one was found.
Exploiting this vulnerability made it possible to take over any account in the application without authorization.
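The root cause is a limiter keyed on a value the client controls. The following is an added example (my own code, not the program's or the author's) that contrasts a naive client-IP resolver, which takes the first X-Forwarded-For value, with a hardened one that only honours the header when the TCP peer is a trusted proxy and then walks the chain from the right to the first untrusted hop. It also shows the second, independent fix: counting attempts per targeted account, not only per IP. The proxy range 10.0.0.0/8, the client address 203.0.113.5, the account name, the attempt budget and the simulated traffic are all constructed assumptions; the app in the write-up evidently honoured a later header rather than the first, but the flaw is the same.

```python
import ipaddress
from collections import defaultdict

# Constructed values for this example: the address range of the reverse proxy
# in front of the application, and a small per-window attempt budget.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
MAX_ATTEMPTS = 5
WINDOW_SECONDS = 600


def header_values(headers, name):
    """All values of a header, in order. Repeated fields and comma-joined lists
    (RFC 7230 lets a proxy fold repeated fields into one) are treated alike."""
    out = []
    for key, value in headers:
        if key.lower() == name.lower():
            out.extend(p.strip() for p in value.split(",") if p.strip())
    return out


def _is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # an unparsable hop is never a trusted proxy
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip_naive(headers, peer_ip):
    """Flawed: uses the first X-Forwarded-For value, which the client chooses."""
    values = header_values(headers, "X-Forwarded-For")
    return values[0] if values else peer_ip


def client_ip_hardened(headers, peer_ip):
    """Honour X-Forwarded-For only when the TCP peer is our own proxy, then walk
    the chain from the right and stop at the first hop that is not a trusted
    proxy. Anything the client prepended in front of that hop is ignored."""
    if not _is_trusted(peer_ip):
        return peer_ip
    for hop in reversed(header_values(headers, "X-Forwarded-For")):
        if not _is_trusted(hop):
            return hop
    return peer_ip


class ResetCodeLimiter:
    """Sliding-window counter of verification attempts per client IP and,
    optionally, per targeted account."""

    def __init__(self, ip_resolver, scope_by_account):
        self.ip_resolver = ip_resolver
        self.scope_by_account = scope_by_account
        self.log = defaultdict(list)  # key -> timestamps of recent attempts

    def _over_limit(self, key, now):
        recent = [t for t in self.log[key] if now - t < WINDOW_SECONDS]
        self.log[key] = recent
        return len(recent) >= MAX_ATTEMPTS

    def allow(self, headers, peer_ip, account, now):
        keys = ["ip:" + self.ip_resolver(headers, peer_ip)]
        if self.scope_by_account:
            keys.append("account:" + account)
        if any(self._over_limit(k, now) for k in keys):
            return False  # the caller answers 429 Too Many Requests
        for k in keys:
            self.log[k].append(now)
        return True


def simulate_code_guessing(ip_resolver, scope_by_account, requests=50):
    """Constructed traffic: 50 code guesses against one account, each carrying a
    different client-chosen X-Forwarded-For value. Every request arrives via the
    trusted proxy 10.0.0.1, which appends a second header with the real client
    address 203.0.113.5. Returns how many guesses the limiter let through."""
    limiter = ResetCodeLimiter(ip_resolver, scope_by_account)
    accepted = 0
    for i in range(1, requests + 1):
        headers = [
            ("Host", "example.com"),
            ("X-Forwarded-For", f"198.18.0.{i}"),   # spoofed by the client
            ("X-Forwarded-For", "203.0.113.5"),     # appended by the proxy
        ]
        if limiter.allow(headers, "10.0.0.1", "victim@example.com", now=1000 + i):
            accepted += 1
    return accepted


if __name__ == "__main__":
    print("naive, per-IP only:      ", simulate_code_guessing(client_ip_naive, False))
    print("hardened, per-IP only:   ", simulate_code_guessing(client_ip_hardened, False))
    print("naive, plus per-account: ", simulate_code_guessing(client_ip_naive, True))
```

With the naive resolver and IP-only keying all 50 guesses get through, because each request lands on a fresh key; the hardened resolver, or keying on the targeted account as well, caps it at the configured 5. Per-account (or per-reset-token) counting is the more robust of the two, since it holds even when the IP cannot be determined reliably, and a six-digit code should in any case be invalidated after a handful of wrong guesses rather than left valid for the whole window.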
Resources:
https://x.com/hunter0x7/status/1766117775188316260?s=20
If this write-up has been helpful to you, please consider giving it a clap and following. Thanks bro.
Alternatively, you can just buy me a coffee here; any sort of support is much appreciated. Enjoy your reading.
If you want to learn more about Bug Bounty Tuesday, please be sure to take a look at my latest articles.