How I got my first bug bounty

4 months ago

B1ayn

Hi all, my name is B1ayn and I am a bug bounty hunter. Today I'm going to tell you how I found my first bug bounty.

No rate limiting is a flaw where the server does not limit the number of requests a client can make to an endpoint, so an attacker can repeat a sensitive action (login attempts, OTP requests, password-reset mails) as fast as they can send it. It can become critical when abused, for example to brute-force a code or to flood a victim's inbox. Real-life example of the control working correctly: when you try to log in to your account, after 3–4 wrong attempts the account gets locked for some hours.

We can easily find missing rate limiting on forgot-password links, registration pages and OTP sending. These kinds of actions are where we look for it.

We will use Burp Suite for this test. Select the target site (example: B1ayn.com), register an account on it, then request a password reset and capture the outgoing request with Burp Suite.

1. Capture the outgoing request with Burp Suite:

2. Send it to Intruder:

Clear all the default payload positions, then mark only the q value of the Accept-Language header as the position, like this: `Accept-Language: en-US,en;q=$0.3$`. The reset body stays identical in every request; only this harmless header value changes from one request to the next.

3. Go to the Payloads section and select Numbers as the payload type:

Set the range from 1 to 100 (however many reset links you want to send) with a step of 1.

Start the attack.
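To make the test and the fix concrete, here is an added example that is not part of the original writeup and not the target's code. It models the password-reset endpoint described above (the explanation of missing rate limiting and the Intruder procedure): `probe()` plays the role of Burp Intruder, sending the same reset request N times with only the Accept-Language q value changing, and `ResetEndpoint` is an assumed stand-in for a /forgot-password handler, first without a limit (the bug) and then with a sliding-window limit per mailbox. The mailbox address, the window and the limit are all hypothetical values chosen for the example.

```python
"""Added example (not from the original writeup): a stand-alone model of the
password-reset rate-limit test above, plus the fix. No network is used; the
target endpoint is simulated in-process."""
from collections import deque
import time


class ResetEndpoint:
    """Assumed stand-in for a /forgot-password handler.

    limit=None reproduces the bug (every request sends a mail). With a limit,
    at most `limit` mails per mailbox are sent in any `window_s` seconds.
    The limit is keyed on the mailbox, not the client IP, because the harm
    being prevented (flooding one victim's inbox) does not depend on where
    the requests come from; a per-IP limit would be a separate layer.
    """

    def __init__(self, limit=None, window_s=600, clock=time.monotonic):
        self.limit = limit
        self.window_s = window_s
        self.clock = clock          # injectable for testing window expiry
        self.sent = []              # mails actually handed to the mailer
        self._hits = {}             # mailbox -> deque of request timestamps

    def forgot_password(self, email, headers):
        key = email.strip().lower()
        now = self.clock()
        if self.limit is not None:
            q = self._hits.setdefault(key, deque())
            # Sliding window: drop timestamps older than the window.
            while q and now - q[0] >= self.window_s:
                q.popleft()
            if len(q) >= self.limit:
                retry_after = int(self.window_s - (now - q[0]))
                return 429, {"Retry-After": str(max(1, retry_after))}
            q.append(now)
        # Real handler would look up the account and queue a reset mail here.
        self.sent.append(key)
        return 200, {}


def probe(endpoint, email, attempts=100):
    """Mimic the Intruder run: identical reset requests, Numbers payload
    1..attempts substituted into the marked Accept-Language q position.
    (q values above 1 are not valid quality values; servers ignore them,
    which is why the header is a harmless place to vary the request.)"""
    statuses = []
    for n in range(1, attempts + 1):
        headers = {"Accept-Language": f"en-US,en;q={n}"}
        status, _ = endpoint.forgot_password(email, headers)
        statuses.append(status)
    return {
        "attempts": attempts,
        "accepted": statuses.count(200),
        "throttled": statuses.count(429),
        "mails_sent": len(endpoint.sent),
    }


def is_vulnerable(result):
    """Verdict used in the report: every attempt accepted means no limit."""
    return result["accepted"] == result["attempts"]


if __name__ == "__main__":
    victim = "victim@example.com"   # constructed mailbox for the example
    bug = probe(ResetEndpoint(), victim)
    print("no rate limit :", bug, "vulnerable =", is_vulnerable(bug))
    fixed = probe(ResetEndpoint(limit=3, window_s=600), victim)
    print("with limit    :", fixed, "vulnerable =", is_vulnerable(fixed))
```

When writing the report, the numbers `probe()` returns are the evidence: 100 accepted out of 100 attempts (and 100 mails in the inbox) is the finding; 3 accepted and 97 throttled with a Retry-After header is what the fixed endpoint should show.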

Real-life testing

Wow!! We received 100 mails in just 2 minutes.

Follow me for more writeups!

Twitter
