Yesterday, two of my friends and I were hunting on target.com, which is a HackerOne target.

Let's jump into the classic rate-limit bypass.

While going through my target, I found that signing up with an email asks for a verification code before the account is fully created on the target 🎯

Note: each auth token is valid for 10 requests, and each token lives for 30 days.

Steps to reproduce

1. Sign up with the victim's account, which asks for an OTP to verify ownership.

See that there is an Authorization Bearer token maintaining our session in the middle of the OTP scenario.

Bug found: the Authorization Bearer token is not bound to the email we are verifying.

auth token != verify_email

2. Through this, an attacker can get multiple fake auth tokens to brute-force the correct OTP.

3. My friends and I collected fake auth tokens, then I sent multiple requests while rotating the auth tokens, which bypassed the rate limit; after that I got the OTP for the victim account.
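As an added example (not the writeup's code and not target.com's implementation), here is a small Python model of the flaw and its fix. The weak verifier keys the OTP attempt budget on the bearer token, so every fresh token brings a fresh budget of 10 guesses; the hardened verifier binds each token to the email it was issued for and keys the attempt budget on that email, so the budget belongs to the account being verified no matter how many tokens exist. All class names, emails and codes are constructed for the example.

```python
"""Added example: OTP verification with the attempt budget keyed on the
bearer token (weak) versus keyed on the email being verified (hardened).
Everything here is constructed for illustration."""
import secrets
from dataclasses import dataclass, field

MAX_ATTEMPTS = 10  # budget per token in the writeup; reused for both designs


@dataclass
class _State:
    otps: dict = field(default_factory=dict)         # email -> expected code
    token_email: dict = field(default_factory=dict)  # token -> email it was issued for
    attempts: dict = field(default_factory=dict)     # budget key -> attempts used


class OtpVerifier:
    """bind_token_to_email=False reproduces the flaw: the budget key is the
    token, so a new token resets the budget and the token is accepted for any
    email. bind_token_to_email=True is the hardened design."""

    def __init__(self, bind_token_to_email: bool):
        self.bind = bind_token_to_email
        self.s = _State()

    def start_signup(self, email: str, code: str = None) -> str:
        """Issue a bearer token for this signup and an OTP for the email.
        A fixed code may be passed so tests are deterministic."""
        token = secrets.token_urlsafe(16)
        self.s.token_email[token] = email
        # An email keeps its first OTP even if signup is started again.
        self.s.otps.setdefault(email, code or f"{secrets.randbelow(10**6):06d}")
        return token

    def verify(self, token: str, email: str, code: str) -> str:
        if token not in self.s.token_email:
            return "invalid_token"
        # Hardened: the token is only valid for the email it was issued for.
        if self.bind and self.s.token_email[token] != email:
            return "token_not_bound_to_email"
        # Hardened: the attempt budget follows the account, not the token.
        key = email if self.bind else token
        used = self.s.attempts.get(key, 0)
        if used >= MAX_ATTEMPTS:
            return "rate_limited"
        self.s.attempts[key] = used + 1
        if secrets.compare_digest(code, self.s.otps.get(email, "")):
            return "verified"
        return "wrong_code"


def processed_guesses(verifier: OtpVerifier, tokens: list, email: str,
                      code: str, n: int) -> int:
    """Regression check: count how many of n guesses against `email` were
    actually evaluated ('wrong_code' or 'verified') while cycling through
    `tokens`. For a sound design this must not grow with len(tokens)."""
    evaluated = 0
    for i in range(n):
        result = verifier.verify(tokens[i % len(tokens)], email, code)
        if result in ("wrong_code", "verified"):
            evaluated += 1
    return evaluated


def demo() -> dict:
    """Compare both designs with three extra tokens issued for other emails."""
    out = {}
    for bind in (False, True):
        v = OtpVerifier(bind_token_to_email=bind)
        v.start_signup("victim@example.com", code="123456")
        others = [v.start_signup(f"other{i}@example.com") for i in range(3)]
        out["bound" if bind else "unbound"] = processed_guesses(
            v, others, "victim@example.com", "000000", 100)
    return out


if __name__ == "__main__":
    print(demo())
```

The check to keep in a test suite is `processed_guesses`: for one target account the number of evaluated guesses must stay at the per-account budget regardless of how many tokens were issued, and a token issued for a different email must be rejected outright.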


Happy Hacking!!!

If you want more writeups, just follow me.

If you have questions regarding the writeup, put a comment below.