Hello, Hunters. I know you are here because you are struggling or want to advance in your career. Believe me, things take time. Be consistent, continue to learn, and never deceive yourself. If you follow these three mantras, you will undoubtedly achieve success.

Description:

I discovered a no rate limiting issue by using the "Access-Control-Allow-Origin:" header and viewing the "200" response, which showed it to be vulnerable. Without a rate limit, there is no mechanism to protect against a large number of requests made in a short period of time. If repeating the request 50, 100, or 1000 times produces no errors, no rate limit is in place.

Affected URL: https://XYZ.email/subscribe/

Step-by-step Instructions for Reproduction:

1. Go to https://XYZ.email/ and scroll down.

2. Search for the subscribe button.

3. Add the victim's email and run Burp Suite again.

4. Send the request to Burp Intruder and clear all payloads.

5. Set the payloads to null and run Intruder.

6. 1,000,000 requests were sent to the victim email.

Request:

POST /subscribe/ HTTP/1.1
Host: stripo.email
X-Requested-With: XMLHttpRequest
Content-Length: 126
Origin: https://evil.stripo.email
Connection: close
Referer: https://evil.stripo.email/

_token=§§&source=LANDING&subscribe-email=hostbugbounty%40gmail.com&g-recaptcha-response=

Response:

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Nov 2020 04:33:08 GMT
Content-Type: application/json
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
X-RateLimit-Limit: 20
X-RateLimit-Remaining: 14
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: https://evil.xyz.email
Content-Length: 234

{"success":{"_token":"Zc3Jo8QdivuDDsaS8LhimIW8mVo88eRVl9FYrBi8","source":"LANDING","subscribe-email":"victimuser@gmail.com","g-recaptcha-response":null},"message":"Thanks! You're subscribed, look for a confirmation email shortly."}

After using the null payload and applying brute force, every repetition still gets a 200 OK response.
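The server-side fix this finding calls for, as an added example that is not the author's or the affected site's code: a sliding-window limiter keyed on both the client IP and the target mailbox, which actually enforces the X-RateLimit-* headers the response above advertises, answers 429 with Retry-After once the limit is hit, and refuses a null g-recaptcha-response before counting anything. The limit values, the SubscribeEndpoint class and replay_burst are assumptions; only the form field names come from the request shown above.

```python
import time
from collections import Counter, defaultdict, deque

class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.events = defaultdict(deque)  # key -> timestamps of counted events

    def check(self, key, now):
        """Return (allowed, remaining, retry_after) and count the event if allowed."""
        q = self.events[key]
        while q and q[0] <= now - self.window:  # drop timestamps outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False, 0, int(q[0] + self.window - now) + 1
        q.append(now)
        return True, self.limit - len(q), 0

class SubscribeEndpoint:
    """Assumed policy: 20 requests per source IP per minute, 3 per target mailbox per hour."""

    def __init__(self):
        self.per_ip = SlidingWindowLimiter(limit=20, window=60)
        self.per_email = SlidingWindowLimiter(limit=3, window=3600)

    def handle(self, client_ip, form, now=None):
        now = time.time() if now is None else now
        # A null or empty g-recaptcha-response is refused before anything is counted.
        if not form.get("g-recaptcha-response"):
            return 400, {"error": "captcha required"}
        email = form.get("subscribe-email", "").strip().lower()
        ok, remaining, retry = self.per_ip.check(client_ip, now)
        if ok:  # the mailbox limit stops bombing one victim from many IPs
            ok, _, retry = self.per_email.check(email, now)
        headers = {"X-RateLimit-Limit": self.per_ip.limit, "X-RateLimit-Remaining": remaining}
        if not ok:  # 429 with Retry-After instead of a 200 for every repetition
            headers.update({"X-RateLimit-Remaining": 0, "Retry-After": retry})
            return 429, headers
        return 200, headers

def replay_burst(requests, start=0.0):
    """Replay constructed (client_ip, target_email) pairs one second apart with a valid CAPTCHA token."""
    endpoint, tally = SubscribeEndpoint(), Counter()
    for i, (ip, email) in enumerate(requests):
        form = {"subscribe-email": email, "g-recaptcha-response": "valid-token"}
        status, _ = endpoint.handle(ip, form, now=start + i)
        tally[status] += 1
    return dict(tally)  # e.g. {200: 3, 429: 47} for 50 hits on one mailbox from one IP
```

Replaying the same request 50 times against one mailbox yields three subscriptions and 47 refusals, and spreading the burst over 50 source IPs does not help because the mailbox key is exhausted first.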

Thank you for reading!! I hope you learned some tricks.

Subscribe to the Shuttlertech YouTube channel for more content of this type and to watch live POCs, and connect with me 1:1 on topmate to advance your career. I assure you that I will write more interesting, knowledge-sharing writeups; to encourage me, follow me on Medium and click the clap icon.

Disclaimer: My write-ups come from my own achievements and sometimes from different learning platforms. Do not use this methodology without the company's consent. I am just sharing this for learning purposes.