No Rate Limiting — Bug


Jithesh

How to find a No Rate Limiting bug in websites

Hello Tech Guys

First, we start with a description of the bug.

What is Rate Limiting?

“No rate limiting” refers to a system or service that does not impose restrictions on the number of requests, interactions, or actions a user or client can perform within a given time period.

In other words, when a service has no rate limiting, there are no controls on how frequently a user can make requests to the server or API. This contrasts with systems that do use rate limiting, where users or clients are restricted to a set number of requests in a given timeframe, such as 100 requests per minute, in order to prevent abuse, ensure fair usage, and protect the system from overloading.

How to find such bugs?

Look for forms in the target website. If you find one, follow the steps below.

For example, we take a login form that verifies with an OTP.

1. Start Burp Suite and configure the proxy.

2. Enter the credentials (email/phone number) in the form to send the OTP.

3. After capturing the right request, send it to Burp Intruder.

4. Add the payload position in the “Accept-Language” header’s q=“ ” value and set the payload type to Numbers.

5. Set the number range from 1 to however many requests you want, for example 100.

BOOM… You will get 100 OTPs.

That can lead to financial loss and can also bring the service down.
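As a defender-side illustration (added here, not part of Jithesh’s post), this is a sliding-window limiter for the OTP-send endpoint that is keyed on the recipient identifier rather than on anything the client controls in the request, so a changing Accept-Language header does not earn a fresh quota. The handler, the policy values and the sample email are assumptions.

```python
import time
from collections import defaultdict, deque

# Assumed policy values: at most 3 OTP sends per recipient in a 10-minute window.
MAX_SENDS = 3
WINDOW_SECONDS = 600


class OtpSendLimiter:
    def __init__(self, max_sends=MAX_SENDS, window=WINDOW_SECONDS, clock=time.monotonic):
        self.max_sends = max_sends
        self.window = window
        self.clock = clock
        self._sends = defaultdict(deque)  # recipient -> timestamps of recent sends

    def allow(self, recipient, now=None):
        """Return True if an OTP may be sent to `recipient` right now."""
        now = self.clock() if now is None else now
        key = recipient.strip().lower()  # normalise so casing/whitespace cannot split the bucket
        q = self._sends[key]
        while q and now - q[0] >= self.window:  # drop events that fell out of the window
            q.popleft()
        if len(q) >= self.max_sends:
            return False
        q.append(now)
        return True


def handle_send_otp(limiter, request, now=None):
    """Hypothetical handler: `request` is a dict with 'email' and 'headers' keys."""
    if not limiter.allow(request["email"], now):
        return 429, "Too many OTP requests; try again later"
    return 200, "OTP sent"


def simulate_intruder_run(total=100):
    """Replay the post's scenario: `total` requests for one email, each with a
    different Accept-Language q value. Returns how many OTPs were actually sent."""
    limiter = OtpSendLimiter()
    sent = 0
    for i in range(1, total + 1):
        req = {"email": "victim@example.com",  # constructed sample recipient
               "headers": {"Accept-Language": f"en;q={i}"}}
        status, _ = handle_send_otp(limiter, req, now=i * 0.01)
        if status == 200:
            sent += 1
    return sent
```

With the limiter keyed on the recipient, the same 100-request Intruder run sends only MAX_SENDS OTPs and the rest receive 429.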
