Bypassed Rate Limit -2
Hello Folks, Vinay Jagetiya (princej_76) here again!!!
This is another article of mine, in which I explain how I bypassed a rate limit by using null-byte payloads and was able to receive unlimited SMS messages.
Let's begin!!!
Let's assume the vulnerable domain is 'test.com'.
It requires a phone number to create an account.
The POST request contained the parameter: phone=xxxxxxxxxx
Add the attack vector immediately after the phone number (adding it anywhere else triggers the rate limit). Run the attack with a simple list of null bytes of increasing length (like %00, %00%00, %00%00%00, etc.); you receive one OTP per payload, so the number of OTPs depends on the number of payloads used.
BOOM!!!! Every request returned 200 OK, and I received an SMS for every request.
The logic was that if the phone number changed in any way, the server treated it as a new request.
I hope this will be helpful for beginners in bug hunting.
You can connect with me on:
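The root cause is that the rate limiter keys on the raw parameter bytes, so every extra %00 looks like a new phone number. As an added example (not code from the original post), the following Python simulation replays such padded requests through two hypothetical limiters: one keyed on the raw decoded value, and one that first validates the value as exactly ten digits and keys on that. The phone number, the one-OTP-per-window policy and the request bodies are all constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample request bodies (not from the original post): the same
# phone number followed by a growing run of URL-encoded null bytes.
SAMPLE_BODIES = [
    "phone=1234567890",
    "phone=1234567890%00",
    "phone=1234567890%00%00",
    "phone=1234567890%00%00%00",
]

OTP_LIMIT_PER_WINDOW = 1  # hypothetical policy: one OTP per number per window


def naive_key(body: str):
    """Vulnerable behaviour: the decoded value is used as-is, so each
    trailing null byte yields a 'different' phone number and a fresh bucket."""
    return parse_qs(body)["phone"][0]


def canonical_key(body: str):
    """Hardened behaviour: reject anything that is not exactly ten ASCII
    digits, then use that digit string as the rate-limit key.
    fullmatch is used deliberately; a '$' anchor would still accept a
    trailing newline."""
    value = parse_qs(body)["phone"][0]
    if not re.fullmatch(r"[0-9]{10}", value):
        return None  # e.g. trailing \x00 bytes -> reject with 400
    return value


def simulate(bodies, key_fn):
    """Replay the bodies through a per-key counter; return how many OTP
    SMS would be sent and how many requests were rejected outright."""
    sent = Counter()
    sms_sent = rejected = 0
    for body in bodies:
        key = key_fn(body)
        if key is None:
            rejected += 1
            continue
        if sent[key] >= OTP_LIMIT_PER_WINDOW:
            continue  # would answer 429 Too Many Requests
        sent[key] += 1
        sms_sent += 1
    return sms_sent, rejected


if __name__ == "__main__":
    print("naive:    ", simulate(SAMPLE_BODIES, naive_key))      # (4, 0)
    print("canonical:", simulate(SAMPLE_BODIES, canonical_key))  # (1, 3)
```

The same principle applies to any other identifier a limiter keys on: derive the key from a validated, canonical form of the value, never from the raw request bytes.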
Twitter: https://twitter.com/princej_76