alwaysdata All Projects: Tasklist

	ID	Status	Summary	Opened by
	26	Closed	~~#1 Crititical Vulnerability Name: No Rate Limit in addi~~ ...	Fahimhusain Raydurg	Task Description Vulnerability Name: No Rate Limit in adding Sites Impact: - This may consume a large amount of bandwidth and, sometimes, require large amounts of storage space. How to reproduce this issue: 1. Use Burp Suite and capture the Sites request. 2. Send the captured request to Intruder and select name position as shown in POC. 3. Set payloads to numbers and numbers will be from 1 to 40 (depending on your usage). 4. Observe that the status code is 302 means we can add an unlimited Sites. Recommendation: 1. There should be some rate limit for Add Sites (Example: should not exceed more than 10 Sites) 2. Implement Captcha, the captcha should not be based on IP. POC: - Video file in below link. - Link: https://www.mediafire.com/file/q9ir608diysdnhj/Always+Data+Poc-1.mp4/file https://mediafire.com/file/q9ir608diysdnhj/Always+Data+Poc-1.mp4/file

Closed

~~#1 Crititical Vulnerability Name: No Rate Limit in addi~~ ...

Task Description

Vulnerability Name: No Rate Limit in adding Sites

Impact:
- This may consume a large amount of bandwidth and, sometimes, require large amounts of storage space.

How to reproduce this issue:

1. Use Burp Suite and capture the Sites request.

2. Send the captured request to Intruder and select name position as shown in POC.

3. Set payloads to numbers and numbers will be from 1 to 40 (depending on your usage).

4. Observe that the status code is 302 means we can add an unlimited Sites.

Recommendation:
1. There should be some rate limit for Add Sites (Example: should not exceed more than 10 Sites)

2. Implement Captcha, the captcha should not be based on IP.

Showing tasks 1 - 1 of 1 Page 1 of 1