[www.stripo.email] There is no rate limit for contact-us endpoints

Disclosed: 2020-05-26 10:35:33 By what_web To stripo
Low
Vulnerability Details
### Summary

The rate limit for the *https://stripo.email/es/contact-us* endpoint has not been implemented.

### Steps To Reproduce

1. Go to *https://stripo.email/es/contact-us*
2. Turn on blocking and fill out the contact form
3. Send the request to Intruder.
4. Set your payloads and start the attack.
5. There is no rate limit.

### Proof of Concept

{F799307}

### Fix

Implement a 429 status code for too many requests.

## Impact

There is no rate limit for submitting the inquiry form.
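As an added illustration of the recommended fix (not Stripo's code and not part of the original report), the following fixed-window limiter answers 429 Too Many Requests with a Retry-After header once a client exceeds its quota for the contact endpoint; the handler shape, the per-IP key and the quota of 5 submissions per 60 seconds are assumptions.

```python
# Added example (not Stripo's code): a fixed-window rate limiter for a
# contact-form endpoint that answers 429 Too Many Requests once a client
# exceeds its quota. Framework-agnostic so it runs offline.
from dataclasses import dataclass, field


@dataclass
class RateLimiter:
    limit: int = 5            # submissions allowed per window (assumption)
    window: float = 60.0      # window length in seconds (assumption)
    # key -> (window_start, count); keyed by client IP below (assumption)
    _buckets: dict = field(default_factory=dict)

    def check(self, key: str, now: float) -> tuple[bool, int]:
        """Return (allowed, retry_after_seconds) for one request."""
        start, count = self._buckets.get(key, (now, 0))
        if now - start >= self.window:          # window expired: reset
            start, count = now, 0
        if count >= self.limit:
            retry_after = int(self.window - (now - start)) + 1
            return False, retry_after
        self._buckets[key] = (start, count + 1)
        return True, 0


CONTACT_LIMITER = RateLimiter(limit=5, window=60.0)


def handle_contact_submit(client_ip: str, form: dict, now: float,
                          limiter: RateLimiter = CONTACT_LIMITER) -> dict:
    """Simulated handler for POST /es/contact-us (hypothetical shape).
    Returns an HTTP-like response dict instead of writing to a socket."""
    allowed, retry_after = limiter.check(client_ip, now)
    if not allowed:
        # 429 as the report's fix recommends; Retry-After tells well-behaved
        # clients when to try again and costs the server almost nothing.
        return {"status": 429, "headers": {"Retry-After": str(retry_after)},
                "body": "Too many requests"}
    # Normal processing (store or forward the inquiry) would go here.
    return {"status": 200, "body": f"Thanks, {form.get('name', 'visitor')}"}


def simulate_burst(n: int, client_ip: str = "203.0.113.10") -> list[int]:
    """Constructed sample: n rapid submissions from one IP in one window."""
    limiter = RateLimiter(limit=5, window=60.0)
    return [handle_contact_submit(client_ip, {"name": "test"}, now=10.0 + i,
                                  limiter=limiter)["status"] for i in range(n)]
```

A production deployment would keep the buckets in shared storage (for example a cache shared by all web workers) and key on more than the client IP, since a single limit per address is trivially shared by users behind NAT.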
Report Stats
  • Report ID: 856305
  • State: Closed
  • Substate: resolved
  • Upvotes: 45