
Rate limit bug

apoorva niranjan Jul 10, 2019 11:16AM UTC

Attackers can replay the mail send request on Email (customer registrations) to generate the emails multiple times to any valid email id. Absence of rate limits can lead to the attacker flooding the application with spurious requests.


apoorva niranjan Jul 10, 2019 11:17AM UTC
Recommendations:
Implement backend verification/input validation to ensure rate limits on critical functions such as notification mechanisms like Email or OTPs (as applicable).
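
The server-side control the report above asks for, as an added example that is not part of the original thread and not PortSwigger's code: a per-key sliding-window limiter placed in front of the mail-sending call, with a replay of the same registration request to show the effect. All names (`SlidingWindowLimiter`, `send_registration_email`, `simulate_replay`), the limits (3 emails per recipient and 20 per client IP per 10 minutes) and the sample values `victim@example.com` / `203.0.113.5` are constructed for this illustration; the clock is injectable so the behaviour can be checked without waiting.

```python
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window_seconds` for each key.

    Timestamps are kept per key in a deque; anything older than the window
    is discarded before the count is compared against the limit. `clock` is
    injectable so the behaviour can be tested deterministically (assumption:
    a monotonic clock returning seconds as a float).
    """

    def __init__(self, limit, window_seconds, clock=time.monotonic):
        self.limit = limit
        self.window = window_seconds
        self.clock = clock
        self._events = defaultdict(deque)

    def _prune(self, key, now):
        q = self._events[key]
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def would_allow(self, key):
        """Check the key against the limit without consuming a slot."""
        return len(self._prune(key, self.clock())) < self.limit

    def record(self, key):
        """Consume one slot for the key at the current time."""
        self._events[key].append(self.clock())


class FakeClock:
    """Constructed monotonic clock so the example runs instantly and offline."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def send_registration_email(recipient, client_ip, limiters, outbox):
    """Backend guard in front of the real mail-sending call (hypothetical API).

    `limiters` maps a key name ("recipient" or "ip") to a limiter. The request
    is checked against every limiter first and recorded against all of them
    only if all allow it, so a rejected request never consumes a slot.
    """
    keys = {"recipient": recipient.strip().lower(), "ip": client_ip}
    if not all(lim.would_allow(keys[name]) for name, lim in limiters.items()):
        return "rate_limited"
    for name, lim in limiters.items():
        lim.record(keys[name])
    outbox.append(recipient)  # stand-in for the SMTP / mail-API call
    return "sent"


def simulate_replay(replays, clock=None):
    """Replay one registration request `replays` times, one per second,
    and return (tally of outcomes, number of emails actually delivered)."""
    clock = clock or FakeClock()
    limiters = {
        "recipient": SlidingWindowLimiter(limit=3, window_seconds=600, clock=clock),
        "ip": SlidingWindowLimiter(limit=20, window_seconds=600, clock=clock),
    }
    outbox = []  # constructed stand-in for the outgoing mail queue
    tally = {"sent": 0, "rate_limited": 0}
    for _ in range(replays):
        # constructed sample request: same recipient and source every time
        result = send_registration_email("victim@example.com", "203.0.113.5", limiters, outbox)
        tally[result] += 1
        clock.advance(1)
    return tally, len(outbox)


if __name__ == "__main__":
    print(simulate_replay(10))  # 3 sent, 7 rate_limited
```

Keying on the normalised recipient address is what stops one inbox being flooded; the second, looser key on client IP catches a single source hammering many different addresses. In production the deques would live in a shared store (Redis or similar) rather than process memory, and the rejected requests are worth logging, since a burst of `rate_limited` outcomes for one recipient is itself a useful detection signal.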

Liam Tai-Hogan Jul 10, 2019 01:29PM UTC Support Center agent

Our bug bounty program is detailed on our blog:

- https://portswigger.net/blog/portswigger-bug-bounty-program

Do be sure to read the scope rules.

