Trick to bypass rate limit of password reset functionality

  1. Go to this endpoint: https://dashboard.example.io/password-reset
  2. Reset the password and capture the request with Burp Proxy
  3. Add a parameter to the endpoint of the request and send it to Intruder, or send many requests manually => https://dashboard.example.io/password-reset?anyCharacter=1
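For defenders, the steps above are consistent with a limiter whose counter key includes the raw URL, so every new query string starts a fresh counter. The sketch below is an added example, not code from the original post or from the affected application; that root cause is an assumption, and `SlidingWindowLimiter`, `weak_key`, `hardened_key` and the sample requests are hypothetical names and constructed data.

```python
import time
from collections import defaultdict, deque
from urllib.parse import urlsplit


class SlidingWindowLimiter:
    """Allow at most `limit` requests per key within `window` seconds."""

    def __init__(self, limit, window, key_func):
        self.limit, self.window, self.key_func = limit, window, key_func
        self.hits = defaultdict(deque)  # key -> timestamps of accepted requests

    def allow(self, client_ip, method, url, now=None):
        now = time.monotonic() if now is None else now
        q = self.hits[self.key_func(client_ip, method, url)]
        while q and now - q[0] >= self.window:  # drop hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def weak_key(client_ip, method, url):
    # Assumed flawed design: the full URL, query string included, is part of the key.
    return (client_ip, method, url)


def hardened_key(client_ip, method, url):
    # Key on the route only: ignore query and fragment, normalise case and trailing slash.
    path = urlsplit(url).path.rstrip("/").lower() or "/"
    return (client_ip, method.upper(), path)


def count_allowed(limiter, urls, client_ip="203.0.113.7"):
    # Replay the URLs 100 ms apart and count how many the limiter lets through.
    return sum(limiter.allow(client_ip, "POST", u, now=i * 0.1)
               for i, u in enumerate(urls))


# Constructed sample: 20 reset requests that differ only in a throwaway parameter.
BASE = "https://dashboard.example.io/password-reset"
SAMPLE_URLS = [f"{BASE}?anyCharacter={i}" for i in range(20)]

if __name__ == "__main__":
    weak = SlidingWindowLimiter(3, 60, weak_key)
    hard = SlidingWindowLimiter(3, 60, hardened_key)
    print("weak key allowed:    ", count_allowed(weak, SAMPLE_URLS))
    print("hardened key allowed:", count_allowed(hard, SAMPLE_URLS))
```

For a password-reset route, the same limiter can also be keyed on the target account or e-mail so the limit holds when requests arrive from many client addresses.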


Cyber Security Engineer | Penetration tester

Abdulrahman-Kamel
