Bypassed Rate Limit
Hello Folks, I am Vinay Jagetiya (princej_76)!!!
This is my first blog post, and I will explain how I bypassed a rate limit by modifying the request and was able to receive unlimited SMS messages.
Let's begin!!!
Let's assume the vulnerable domain is 'test.com'.
It takes a phone number as input and sends the app link via SMS.
The request line of the phone number verification request looks like this:
OPTIONS /api/v1/sms/app_link?phone_number=xxxxxxxxxx

(I can’t reveal target, as issue is not resolved yet!)
So here's the original request. I tried to check whether it has a rate limit, and yes, it is limited to a couple of SMS only.
Then I thought to make some changes to the request and try again. As you can see, the response says "Access-Control-Access-Method: GET".
Right after noticing that, I decided to change the request method from OPTIONS to GET and try again.
Now request looks like:
GET /api/v1/sms/app_link?phone_number=xxxxxxxxxx

Then I sent the request repeatedly using null payloads (continue indefinitely), and
BOOM!!!! Every request returned 200 OK and I received an SMS for every request.
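The root cause described above is a rate-limit counter keyed on the HTTP method, so a second method reaching the same handler starts with a fresh budget. The following is an added example (not code from the original post or the affected site): a small sliding-window limiter with the weak method-based key next to a key tied to the action itself, run over constructed traffic. The limit, window, function names and in-memory store are assumptions for illustration.

```python
from collections import defaultdict, deque

# Assumed values: 3 SMS per phone number per 60-second window.
LIMIT = 3
WINDOW = 60.0

class SlidingWindowLimiter:
    """In-memory sliding-window limiter; real deployments use a shared store."""
    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit = limit
        self.window = window
        self.hits = defaultdict(deque)  # key -> timestamps of recent sends

    def allow(self, key, now):
        q = self.hits[key]
        # Drop timestamps that have fallen out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def weak_key(method, path, phone):
    # Including the method means OPTIONS and GET are counted separately,
    # so switching methods resets the budget (the bypass in the post).
    return f"{method}:{path}:{phone}"

def strong_key(method, path, phone):
    # The budget belongs to the action (sending an SMS to this number),
    # whichever HTTP method reached the handler.
    return f"sms_app_link:{phone}"

def simulate(key_fn, requests):
    """Return (method, allowed) for each request; request i arrives at t=i."""
    limiter = SlidingWindowLimiter()
    return [(m, limiter.allow(key_fn(m, p, ph), now=float(i)))
            for i, (m, p, ph) in enumerate(requests)]

# Constructed traffic: 4 OPTIONS then 4 GET requests for the same number.
PHONE = "xxxxxxxxxx"
PATH = "/api/v1/sms/app_link"
TRAFFIC = [("OPTIONS", PATH, PHONE)] * 4 + [("GET", PATH, PHONE)] * 4

def count_allowed(key_fn):
    """Number of requests that would trigger an SMS under the given key."""
    return sum(1 for _, ok in simulate(key_fn, TRAFFIC) if ok)
```

With the weak key the constructed traffic sends 6 messages (3 per method); with the action-based key it sends 3. Independently of the counter, the handler should only perform the send on the method it is documented for, so a preflight never triggers an SMS.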
This is how I bypassed the rate limit. I hope you liked the article.
I hope it will be helpful for beginners in bug hunting.
For more articles, you can connect with me on:
Twitter: https://twitter.com/princej_76