Rate Limiting
- Some websites exclude this class of vulnerability from scope, so read the scope carefully before testing!
- You can find it in any submission form (login forms, contact forms, registration forms, and other forms that accept user input).
Testing and Checklist
- Look for any submission form (login forms, contact forms, registration forms, and other forms that accept user input).
- Try to send a large number of submissions using Intruder, FFUF, ZAP, etc.
- If you encounter a rate-limiting mechanism, try to identify how it works and what it uses to identify you (IP address, account, session, cookies or other headers).
- Test IP-based bypasses by adding headers that some applications wrongly trust as the client address:

```http
# IP based bypass
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Host: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
# Double X-Forwarded-For header example
X-Forwarded-For:
X-Forwarded-For: 127.0.0.1
```

- Altering other request headers such as the User-Agent and cookies is also recommended.
- If the target applies rate limits per account or per session, distributing the test across multiple accounts or sessions can avoid triggering them.
- Inserting blank bytes such as %00, %0d%0a, %0d, %0a, %09, %0C or %20 into the code or parameter value can be a useful strategy, e.g. code=1234%0a.
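A defender's counterpart to the checks above, as an added example that is not from the original page: a limiter whose key is derived only from the trusted proxy chain, so the spoofable headers and a rotating X-Forwarded-For prefix all land in the same bucket, plus strict validation of the code parameter so padded values such as `1234%0a` are rejected instead of being counted as a distinct value. The proxy range 10.0.0.0/8, the client address 203.0.113.7 and the simulated traffic are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

TRUSTED_PROXIES = [ip_network("10.0.0.0/8")]  # assumption: our own reverse proxies

def client_ip(peer_ip, headers):
    # Key on the TCP peer; only when the peer is one of our proxies, take the right-most
    # non-proxy hop of X-Forwarded-For. X-Client-IP, X-Remote-IP etc. are never consulted.
    peer = ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return str(peer)
    for hop in reversed(headers.get("X-Forwarded-For", "").split(",")):
        try:
            addr = ip_address(hop.strip())
        except ValueError:
            break  # empty or malformed entry (e.g. a doubled header): fall back to the peer
        if not any(addr in net for net in TRUSTED_PROXIES):
            return str(addr)
    return str(peer)

def canonical_code(raw):
    # Accept only plain digits, so "1234%0a" cannot be treated as a value distinct from "1234".
    return raw if re.fullmatch(r"[0-9]{4,8}", raw) else None

class SlidingWindowLimiter:
    def __init__(self, limit, window_seconds):
        self.limit, self.window = limit, window_seconds
        self.hits = defaultdict(deque)

    def allow(self, key, now):
        # now: request time in seconds (e.g. time.monotonic() in a real handler)
        q = self.hits[key]
        while q and q[0] <= now - self.window:
            q.popleft()  # drop hits that fell out of the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def simulate_login_burst(attempts=7, limit=5):
    # Constructed traffic: the client rotates a spoofed X-Forwarded-For prefix on every
    # request; the proxy 10.0.0.2 appends the real address 203.0.113.7 before forwarding.
    limiter = SlidingWindowLimiter(limit, 60)
    results = []
    for i in range(attempts):
        hdrs = {"X-Forwarded-For": f"127.0.0.{i}, 203.0.113.7", "X-Client-IP": "127.0.0.1"}
        key = ("POST /login", client_ip("10.0.0.2", hdrs), "alice")
        results.append(limiter.allow(key, now=float(i)))
    return results
```

Because the key is (endpoint, real client, account) rather than anything the client supplies, the sixth and seventh attempts are denied despite the changing headers.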
Impact
It depends on the scenario. Suppose we found it in a registration form that sends an email to verify the account; the impact would be:
- Risk of the email address domain being added to a spam list.
- Reputational damage for the business, as customers' trust is affected when they receive large amounts of unwanted and unsolicited email.
- For systems that use Software-as-a-Service (SaaS) email providers, direct financial costs from sending large volumes of email to unconfirmed addresses.
