Bypassed Rate Limit

Vinay Jagetiya (princej_76)
2 min read · Nov 2, 2021


Hello Folks, I am Vinay Jagetiya (princej_76)!!!

This is my first blog, and I will explain how I bypassed a rate limit by modifying the request and was able to get unlimited SMS.

Let's begin!!!

Let's assume the vulnerable domain is 'test.com'.

It takes a phone number as input and sends the app link to that number via SMS.

The HTTP request for the phone number verification looks like this:

OPTIONS /api/v1/sms/app_link?phone_number=xxxxxxxxxx

(I can't reveal the target, as the issue is not resolved yet!)

So here's the original request. I tried to check if it has a rate limit, and yes, it is limited to a couple of SMS only.

Then I thought to make some changes to the request and try again. As you can see, the response says "Access-Control-Access-Method: GET".

Right after seeing that, I thought to change the request method, i.e., from OPTIONS to GET, and try again.

Now the request looks like:

GET /api/v1/sms/app_link?phone_number=xxxxxxxxxx

Now I tried repeating the request with null payloads (continuing indefinitely), and then

BOOM!!!! Every request returned 200 OK and I was getting an SMS for every request.

This is how I bypassed the rate limit. Hope you like the article.

I hope it will be helpful for beginners in bug hunting.

For more articles, you can connect with me on:

Twitter: https://twitter.com/princej_76

LinkedIn: https://www.linkedin.com/in/vinay-jagetiya/
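The root cause described above is a limiter whose counter key includes the HTTP verb, so OPTIONS and GET get separate budgets for the same phone number, while the handler sends an SMS on either verb. The following is an added example, not code from the original post or from the target, showing that weak keying beside two defender-side fixes: keying the counter on the side effect (endpoint + recipient) regardless of verb, and refusing to trigger the side effect on any verb other than the intended one. All names, limits and sample requests are constructed for illustration.

```python
"""Added example (not from the original post): why a rate limiter keyed on the
HTTP method can be bypassed by switching verbs, and two defender-side fixes.
All names, limits and sample requests below are constructed."""
from collections import defaultdict, deque

WINDOW_SECONDS = 60          # constructed limit: 3 SMS per phone number per minute
MAX_SMS_PER_WINDOW = 3
SMS_PATH = "/api/v1/sms/app_link"


class SlidingWindowLimiter:
    """Counts hits per key inside a sliding time window."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self.hits = defaultdict(deque)   # key -> timestamps of recent hits

    def allow(self, key, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()                  # drop hits that fell out of the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def weak_key(method, path, phone):
    """Bug pattern: the verb is part of the key, so OPTIONS, GET and POST each
    get their own budget for the same phone number."""
    return (method, path, phone)


def hardened_key(method, path, phone):
    """Fix 1: key on the side effect (endpoint + recipient), never on the verb."""
    return (path, phone)


def count_sms_sent(key_fn, requests):
    """Replay (method, path, phone) tuples and return how many SMS would go out
    if the handler sends one on every allowed request regardless of verb."""
    limiter = SlidingWindowLimiter(MAX_SMS_PER_WINDOW, WINDOW_SECONDS)
    sent = 0
    for t, (method, path, phone) in enumerate(requests):
        if limiter.allow(key_fn(method, path, phone), now=float(t)):
            sent += 1
    return sent


def handle_request(limiter, method, path, phone, now):
    """Fix 2: only the intended verb may trigger the side effect at all.
    Returns an HTTP status code (constructed handler; no real SMS is sent)."""
    if path != SMS_PATH:
        return 404
    if method == "OPTIONS":
        return 204                       # CORS preflight: answer it, send nothing
    if method != "POST":
        return 405                       # GET/HEAD/etc. must never send an SMS
    if not limiter.allow(hardened_key(method, path, phone), now):
        return 429
    return 200                           # here the real handler would queue the SMS


# Constructed traffic: five OPTIONS then five GET for one number, all within a minute.
SAMPLE_REQUESTS = ([("OPTIONS", SMS_PATH, "5550100")] * 5
                   + [("GET", SMS_PATH, "5550100")] * 5)

if __name__ == "__main__":
    print("weak key, SMS sent:", count_sms_sent(weak_key, SAMPLE_REQUESTS))          # 6
    print("hardened key, SMS sent:", count_sms_sent(hardened_key, SAMPLE_REQUESTS))  # 3
```

Both fixes matter on their own: keying on the recipient stops one phone number from being flooded through verb switching, and answering OPTIONS with an empty 204 (as a CORS preflight should be answered) means a preflight can never be turned into a send, whatever the limiter does.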


Written by Vinay Jagetiya (princej_76)

Security Researcher | Found 500+ vulnerabilities | HOF from 30+ Organizations.
