I was testing a web application. I won't reveal the actual domain of the target, so let's call it "example.com". I was testing the authentication function of this web application.
You can only create an account using a business email. After creating an account you get a confirmation link sent to the email ID you provided. I don't have a business email, so I grabbed an address from a temp mail service and created an account.
It was successful. As a noobie I was just confused about what to look for. After some digging in the application I noticed that there is no rate limit on "send email confirmation".
When a user creates an account they get redirected to a page telling them to confirm their email, and the user receives a confirmation link at the email address they provided.
As I said above, there was no rate limit on sending the confirmation mail, so I was able to email flood / increase the expense of the company's mail server. As a result I sent 1000 emails in less than 2 minutes.
Steps to reproduce:
1. Create an account on example.com.
2. You will be redirected to https://client.example.com/client/v2/email-confirmation
3. You will see a "click here" link that resends the confirmation link. Capture the request in the Burp Suite / ZAP proxy.
4. Just fuzz the version number in the User-Agent 1000 times with numbers.
5. The email provided in the request gets 1000 emails.
Impact:
1. If the attacker gets a registered email address of any user of talentify.io, he can flood their inbox with verification links from your website.
2. Adding extra cost to the company's mail server.
3. An attacker can fill the outbox of the mail server using this method.
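The fix on the application side is to rate limit the resend endpoint per recipient address as well as per requesting client, so that a single address can never receive more than a handful of confirmation mails in a window, regardless of how many requests (or how many source IPs) the sender uses. The following is an added example written for this post, not code from the application or its bug bounty program; the limits (3 resends per address per 10 minutes, a 60-second cooldown between two resends to one address, 20 resends per client per 10 minutes) and the client key (an IP address) are assumptions chosen for illustration, and the flood simulation replays the 1000-request scenario from the write-up at one request every 100 ms.

```python
import time
from collections import defaultdict, deque

# Policy values are assumptions for this example, not the application's own settings.
PER_ADDRESS_LIMIT = 3       # resends allowed per recipient address per window
PER_ADDRESS_WINDOW = 600    # seconds (10 minutes)
PER_CLIENT_LIMIT = 20       # resends allowed per client (IP/session) per window
PER_CLIENT_WINDOW = 600     # seconds
COOLDOWN = 60               # minimum seconds between two resends to one address


class ResendLimiter:
    """Sliding-window limiter for a 'resend confirmation email' endpoint.

    Two independent buckets are kept: one keyed by the (normalised) recipient
    address, one keyed by the requesting client. The per-address bucket is the
    one that stops inbox flooding even when the sender rotates source IPs.
    """

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.by_address = defaultdict(deque)   # address -> timestamps of sends
        self.by_client = defaultdict(deque)    # client  -> timestamps of sends

    @staticmethod
    def _prune(q, now, window):
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= window:
            q.popleft()

    def check(self, address, client, now=None):
        """Return (allowed, reason); records the send only when allowed.

        'reason' is meant to be logged so repeated 'address_limit' or
        'client_limit' hits can be alerted on.
        """
        now = self.clock() if now is None else now
        addr_key = address.strip().lower()     # same mailbox, same bucket
        aq = self.by_address[addr_key]
        cq = self.by_client[client]
        self._prune(aq, now, PER_ADDRESS_WINDOW)
        self._prune(cq, now, PER_CLIENT_WINDOW)

        if aq and now - aq[-1] < COOLDOWN:
            return False, "cooldown"
        if len(aq) >= PER_ADDRESS_LIMIT:
            return False, "address_limit"
        if len(cq) >= PER_CLIENT_LIMIT:
            return False, "client_limit"

        aq.append(now)
        cq.append(now)
        return True, "ok"


def simulate_flood(limiter, address, requests=1000, rotate_client=False):
    """Replay the write-up's scenario: 1000 resend requests, one every 100 ms.

    Returns (emails_sent, requests_blocked). With rotate_client=True the
    requests come from 250 different constructed source IPs, which defeats a
    per-IP-only limiter but not the per-address bucket.
    """
    sent = blocked = 0
    for i in range(requests):
        client = f"203.0.113.{i % 250}" if rotate_client else "203.0.113.10"
        allowed, _reason = limiter.check(address, client, now=i / 10)
        if allowed:
            sent += 1
        else:
            blocked += 1
    return sent, blocked


if __name__ == "__main__":
    print("single source:", simulate_flood(ResendLimiter(), "victim@example.com"))
    print("rotating IPs :", simulate_flood(ResendLimiter(), "victim@example.com",
                                           rotate_client=True))
```

Under these settings the 1000-request flood delivers 2 emails instead of 1000 (one at t=0 and one after the 60-second cooldown), whether or not the sender rotates IPs, while a real user who clicks "resend" a few times over several minutes is not affected. The returned reason string is the hook for detection: a burst of `address_limit` rejections for one recipient is exactly the pattern described in this post.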
From a bug bounty perspective it is low-hanging fruit, but as a first bug I am happy with it. I reported this bug and received my first bounty.