Hi My Friends,
My First article, I will share the findings No Rate Limit on codingstudio.id
Let’s take your time to see this article
Ok, first time I’ll create account on this website, after the account is done I try to sign out and go to forgot password page.
then I intercept the request using burpsuite, you can see the request below
after that I using the Intruder for brute force the request with null payload
you can see the response code is 302 for all of Response.
and let’s take a look in my email, I receive a lot of email from codingstudio.id, this is just a few minutes.
this should not be allowed to happen because it can cause problems for users due to email bombing and make the storage users is fully, eventually causing the user to stop using the services on this website. If the Website uses Software Email Service or others will lead to financial losses.
TIMELINE :
Report : 23/11/2022
Duplicate : 26/11/2022
