Closed usman-asrg closed 2 years ago
@heldyboy I tried this out... after clicking on the forgot password link I only received one email. So, I am not sure about the above issue... I tried to find it on Google as well by trying different keywords mentioned in the description, but no luck...
Please look into a rate limiter function for login, registration and forgot password.
Added a rate limit of 3 per minute... Let me know if you want me to increase the rate limit.
Affected URL: https://www.asrg.io
Steps to reproduce
Step 1: while requesting a forgot-password email, intercept the request. Step 2: send it to Intruder in Burp Suite, choose null payloads (400) and start.
It also causes an app-level DoS.
PoC: it triggers 400 mails to the victim.
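An added example, not code from the asrg.io site or from anyone in this thread, showing the kind of limit the fix describes: a sliding-window limiter at 3 requests per minute on the forgot-password handler, keyed on both the target account and the client address, and a replay of the 400-request burst from the report to show only 3 mails leave. The handler name, the IP address and the address of the victim are constructed for the example.

```python
import time
from collections import defaultdict, deque

# Constructed example, not code from the asrg.io site: a sliding-window
# limiter for sensitive endpoints (login, registration, forgot password)
# using the 3-requests-per-minute figure from the thread.
LIMIT = 3
WINDOW_SECONDS = 60.0


class SlidingWindowLimiter:
    """Keeps per-key request timestamps and allows at most `limit` per `window`."""
    def __init__(self, limit=LIMIT, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self._hits = defaultdict(deque)

    def allow(self, keys, now=None):
        """Return True and record the hit only if every key is under its limit."""
        now = time.monotonic() if now is None else now
        windows = [self._hits[k] for k in keys]
        for hits in windows:
            while hits and now - hits[0] >= self.window:  # expire old entries
                hits.popleft()
        if any(len(hits) >= self.limit for hits in windows):
            return False
        for hits in windows:
            hits.append(now)
        return True


def forgot_password(limiter, client_ip, email, outbox, now=None):
    """Hypothetical handler: the account key stops one victim being mail-bombed
    from many sources, the client key stops one source hammering many accounts."""
    keys = [("account", email.lower()), ("client", client_ip)]
    if not limiter.allow(keys, now):
        return 429  # Too Many Requests; no mail is sent
    outbox.append(email)  # stand-in for the real mail sender
    return 202


def simulate_burst(n_requests, spacing=0.0):
    """Replay n_requests submissions for one victim, `spacing` seconds apart
    (the 400-request Intruder run from the report is spacing=0), and return
    (mails_sent, requests_rejected)."""
    limiter, outbox, rejected = SlidingWindowLimiter(), [], 0
    for i in range(n_requests):
        status = forgot_password(limiter, "203.0.113.10", "victim@example.com",
                                 outbox, now=i * spacing)
        rejected += 1 if status == 429 else 0
    return len(outbox), rejected
```

With the limit in place, `simulate_burst(400)` sends 3 mails and rejects 397 requests, while requests spaced 20 seconds apart all succeed.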