LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

How No rate limiting got me 150$ in 5 minutes.

1 day ago 6
BOOK THIS SPACE FOR AD
ARTICLE AD

Noureldin(0x_5wf)

Hi There , thats my first write-up , So sorry for my bad English._.

Story:

I got a private invitation for a program , I cannot say its name , so lets call it redacted.com , it was a trading platform , so i started hacking on the main application without recon, I find that they have a program called “educational program” that you can join by giving them your email and some details.

They have an otp to check that you are the owner of the email , the code was about 4-digits , it is about 10K tries , and guess what? there were no rate limit protection in the request , So i reported it waiting for duplicate , but for my surprise it got triaged and after a month i got my bounty with bonus.

Timeline:

Reported — — 4/08/2024

Triaged — — — 8/08/2024

Resolved and got bounty — — 15/10/2024

Read Entire Article
  3. How No rate limiting got me 150$ in 5 minutes.

Related

Single endpoint leads to two bounties!(400$)

Single endpoint leads to two bounties!(400$)

Breaking Boundaries: Discovering Session Invalidation Failures in User Roles

Breaking Boundaries: Discovering Session Invalidation Failures in User Roles

Google Warns of Samsung Zero-Day Exploited in the Wild

Google Warns of Samsung Zero-Day Exploited in the Wild

Critical Vulnerabilities Expose mbNET.mini and Helmholz Industrial Routers to Attacks

Critical Vulnerabilities Expose mbNET.mini and Helmholz Industrial Routers to Attacks

Ransomware Alert: Cicada3301 Emerges as Successor to BlackCat

Ransomware Alert: Cicada3301 Emerges as Successor to BlackCat

Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers

Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers

Trending

1. Siddique
2. Arsenal vs Shakhtar Donetsk
3. Share market today
4. North Korean South Korea
5. Indian airlines bomb threats
6. Prithvi Shaw
7. China
8. Anupam Kher
9. Godavari Biorefineries IPO
10. Lidia Thorpe

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved