Trick to bypass rate limit of password reset functionality

  1. Go to this endpoint: https://dashboard.example.io/password-reset
  2. Submit a password reset and capture the request with Burp Proxy.
  3. Add an arbitrary query parameter to the request's endpoint and send it to Intruder, or send many requests manually => https://dashboard.example.io/password-reset?anyCharacter=1
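From the defender's side, the trick above only works when the rate limiter keys its counter on the raw request URL, so every new query string gets a fresh counter. The following in-memory limiter is an added example, not code from the original post or from the affected application; the limit of 5 attempts, the client IP and the URLs are constructed for illustration. It contrasts the weak key (client IP plus the full URL) with a hardened key that normalizes the URL to host and path and ignores the query string.

```python
# Added example (not from the original post): a simplified in-memory rate
# limiter showing why keying on the raw URL (path + query string) can be
# bypassed by appending an arbitrary query parameter, next to the corrected
# key that uses the client identity and the normalized path only.
# All request data below is constructed for illustration.
from collections import defaultdict
from urllib.parse import urlsplit

LIMIT = 5  # max password-reset attempts per window (assumed value)


class RateLimiter:
    """Fixed-window counter keyed by whatever key_func returns."""

    def __init__(self, key_func, limit=LIMIT):
        self.key_func = key_func
        self.limit = limit
        self.counts = defaultdict(int)

    def allow(self, client_ip, url):
        key = self.key_func(client_ip, url)
        self.counts[key] += 1
        return self.counts[key] <= self.limit


def weak_key(client_ip, url):
    # Weak: the full URL, query string included, is part of the key, so
    # ?anyCharacter=1, ?anyCharacter=2, ... each start a fresh counter.
    return (client_ip, url)


def hardened_key(client_ip, url):
    # Hardened: normalize to host + path and drop the query string, so every
    # variant of /password-reset shares one counter per client. In a real
    # service the key should also include the account being reset.
    parts = urlsplit(url)
    path = parts.path.rstrip("/") or "/"
    return (client_ip, parts.netloc.lower(), path)


def simulate(limiter, n_requests, client_ip="198.51.100.7"):
    """Send n_requests resets, each with a different throwaway query
    parameter, and return how many the limiter let through."""
    allowed = 0
    for i in range(n_requests):
        url = f"https://dashboard.example.io/password-reset?anyCharacter={i}"
        if limiter.allow(client_ip, url):
            allowed += 1
    return allowed


if __name__ == "__main__":
    print("weak key allowed:", simulate(RateLimiter(weak_key), 20))
    print("hardened key allowed:", simulate(RateLimiter(hardened_key), 20))
```

With the weak key all 20 requests pass; with the hardened key only the first 5 do. When testing a real application, the same check applies: vary the query string, a trailing slash, and the path casing and confirm the counter still increments.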

Abdulrahman-Kamel
Cyber Security Engineer | Penetration tester