Target: https://internshipadmin.eduskillsfoundation.org/
⚠️⚠️Don’t misuse the target. I disclosed it for live practice and educational purposes only.⚠️⚠️
I hope everyone is familiar with rate limit vulnerability. If not have a look at this https://medium.com/geekculture/rate-limiting-a-good-approach-for-scalable-system-45e338b77ffc
when you are exploiting the rate limit leads to email bombing or spamming, dos, etc. Mostly it comes under P4 according to its severity classification.
But this vulnerability can be exploited in many endpoints. Here I am exploiting the login page. Where I can brute-force the OTP, which is sent to email.
Login page:
- Enter the Email address and click send verification code.
2. You will get the code in your Inbox.
3. Enter a random code as input. (For example all zeros)
4. Turn the intercept ON in the Burp suite.
5. Now click verify & login and capture the request in the Burp suite.
6. Send this request to an intruder.
7. select the OTP as the payload position and add the payload as numbers according to the OTP type. (4 digit or 6 digits) (0000–9999)
8. Start the attack.
In an intruder attack, you can see all the requests are throwing 200 OK responses. I looked into it why is not giving 400 or an error response, but giving a 200 response code in the headers.
But in the response body, it's saying “false” for all incorrect OTP requests.
So we need to look into the response body as well in this case.
So took a small break to finish the intruder attack.
After some time I came back and listed all the responses by Keep on pressing the down arrow.
Suddenly I got Code:” True” in the response body. I used the code on the login page which is in the request.
Successfully logged in to the account.
Regards,
SHARAN K
## HAPPY HACKING ##