No rate limit in affiliate statsapi endpoint
Low
Vulnerability Details
## Brute force at affiliate statsapi
## Steps To Reproduce:
1. The affiliate stats api link is vulnerable to brute force
https://chaturbate.com/affiliates/apistats/?username=hackeronetestchat&token=**vulnerable**
I've used my profile and my token to check brute force
The correct token returned with 200 OK status
## Impact
An attacker could view the affiliate stats of a user
Report Stats
- Report ID: 413505
- State: Closed
- Substate: resolved
- Upvotes: 12
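
A server-side mitigation for the missing rate limit described in this report, as an added example that is not part of the original report or the site's own code. The class name, the thresholds and the 403/429 status codes are assumptions chosen for illustration.

```python
import hmac
import time
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed policy: failed token checks allowed per window
WINDOW_SECONDS = 300    # assumed policy: sliding window length in seconds


class TokenCheckLimiter:
    """Sliding-window limiter for failed token checks (hypothetical helper).

    Failures are counted per username and per client address, so guessing
    one user's token is throttled even when requests come from many clients.
    """

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.clock = clock
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures

    def _blocked(self, key, now):
        q = self.failures[key]
        # Drop failures that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        return len(q) >= self.max_failures

    def check(self, username, client_ip, supplied_token, stored_token):
        """Return the HTTP status the endpoint should send: 200, 403 or 429."""
        now = self.clock()
        keys = (("user", username), ("ip", client_ip))
        # Throttle before comparing, so a blocked caller learns nothing
        # about whether the supplied token was correct.
        if any(self._blocked(k, now) for k in keys):
            return 429
        # Constant-time comparison avoids leaking token bytes through timing.
        if stored_token is not None and hmac.compare_digest(
                supplied_token.encode(), stored_token.encode()):
            return 200
        for k in keys:
            self.failures[k].append(now)
        return 403
```

Counting per username also throttles the legitimate owner while the window is full, so the thresholds need to be tuned against normal API polling rates.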