Burp Suite User Forum


Rate limit bug

apoorva | Last updated: Jul 10, 2019 11:16AM UTC

Attackers can replay the mail send request on email (customer registrations) to generate the emails multiple times to any valid email ID. The absence of rate limits can lead to an attacker flooding the application with spurious requests.

Burp User | Last updated: Jul 10, 2019 11:17AM UTC

Recommendations: Implement backend verification/input validation to ensure rate limits on critical functions such as notification mechanisms (email or OTPs, as applicable).
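As an added example (not code from this thread or from PortSwigger), the recommendation above can be implemented as a sliding-window rate limiter that sits in front of the send-email/OTP handler and enforces two independent budgets: one per recipient address and one per calling client. All names (`SlidingWindowLimiter`, `NotificationGate`, `try_send`), the limits, and the addresses are hypothetical, constructed values for illustration.

```python
"""Sliding-window rate limiting for a notification endpoint (email / OTP send).

Added example; names, limits and sample addresses are constructed.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Callable, Deque, Dict, List, Tuple
import time


@dataclass
class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key.

    Timestamps are kept per key; anything older than the window is discarded
    on each call, so the count is exact rather than bucketed.
    """
    limit: int
    window: float
    clock: Callable[[], float] = time.monotonic
    _events: Dict[str, Deque[float]] = field(default_factory=dict)

    def allow(self, key: str) -> bool:
        now = self.clock()
        q = self._events.setdefault(key, deque())
        while q and now - q[0] >= self.window:
            q.popleft()          # expired entries fall out of the window
        if len(q) >= self.limit:
            return False         # budget exhausted; do not record the attempt
        q.append(now)
        return True


class NotificationGate:
    """Front door for 'send registration email' / 'send OTP'.

    Both budgets are checked before the mailer is invoked, so a replayed
    request is rejected before it can cause any side effect.
    """

    def __init__(self, clock: Callable[[], float] = time.monotonic):
        # Illustrative limits: a recipient gets at most 3 messages per 10 minutes;
        # a single client (e.g. source IP or session) may trigger at most 20 sends
        # per 10 minutes across all recipients.
        self.per_recipient = SlidingWindowLimiter(limit=3, window=600, clock=clock)
        self.per_client = SlidingWindowLimiter(limit=20, window=600, clock=clock)
        # Audit trail of rejections: feed this to logging/alerting for detection.
        self.rejections: List[Tuple[str, str, str]] = []

    def try_send(self, recipient: str, client_id: str,
                 mailer: Callable[[str], None]) -> str:
        # Normalise the recipient so "Victim@Example.com" and "victim@example.com"
        # share one budget instead of bypassing it via case differences.
        key = recipient.strip().lower()
        # Client budget is consumed first: a replay still costs the caller even
        # when the recipient budget is what ultimately rejects it.
        if not self.per_client.allow(client_id):
            self.rejections.append(("client", client_id, key))
            return "rejected:client"
        if not self.per_recipient.allow(key):
            self.rejections.append(("recipient", client_id, key))
            return "rejected:recipient"
        mailer(key)
        return "sent"


class FakeClock:
    """Deterministic clock so window expiry can be demonstrated offline."""
    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t


def simulate_replay(repeats: int = 5) -> Tuple[List[str], List[str]]:
    """Replay the same send request `repeats` times, then once more after the
    window has elapsed. Returns (gate decisions, messages actually handed to
    the mailer). Sample values are constructed."""
    clock = FakeClock()
    delivered: List[str] = []
    gate = NotificationGate(clock=clock)
    results = [gate.try_send("Victim@Example.com", "203.0.113.5", delivered.append)
               for _ in range(repeats)]
    clock.t += 601  # advance past the 10-minute window
    results.append(gate.try_send("victim@example.com", "203.0.113.5", delivered.append))
    return results, delivered


if __name__ == "__main__":
    decisions, sent = simulate_replay()
    print(decisions)   # 3 sent, 2 rejected:recipient, then 1 sent after expiry
    print(sent)
```

The check runs before the mailer is called, so a rejected replay costs nothing beyond the lookup, and each rejection is recorded so that a burst of `rejected:*` outcomes from one client can raise an alert. In a multi-instance deployment the per-key timestamps would live in a shared store rather than process memory, but the decision logic stays the same.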

Liam, PortSwigger Agent | Last updated: Jul 10, 2019 01:26PM UTC

Our bug bounty program is detailed on our blog: https://portswigger.net/blog/portswigger-bug-bounty-program. Do be sure to read the scope rules.

Devatv | Last updated: Jul 04, 2020 05:42PM UTC

nice
