Submit #180337: Rate limiting on creating user in online shopping portal

Title: Rate limiting on creating user in online shopping portal
Description:

# Exploit Title: Online Shopping Portal Project - rate limiting while registering user with same details
# Exploit Author: Ritik Dewan
# Vendor Name: ANUJ KUMAR
# Vendor Homepage: http://phpgurukul.com/shopping-portal-free-download/
# Software Link: http://phpgurukul.com/shopping-portal-free-download/
# Tested on: Windows 11, Apache

Description: Multiple accounts are created with the same details

Vulnerable Parameter: q=0.9

Payload: brute forcer

Steps:
1) Go to the login page.
2) Enter the details for registration in the portal.
3) After entering details like full name, email, contact no, password, hit enter to create the account.
4) Now capture the request, send it to Intruder, forward the request and close the intercept.
5) You can see that you have created a user successfully.
6) Now go to Intruder, set the attack type as Sniper, add q=$0.9$, choose the brute forcer payload and click on start attack.
7) You will receive a 200 OK response and a message that the user was created successfully with the same details.
User: dewanritik (UID 33804)
Submission: 10.07.2023 19:32 (3 years ago)
Moderation: 10.07.2023 21:27 (2 hours later)
Status: Accepted
VulDB Entry: 233467 [PHPGurukul Online Shopping Portal 1.0 Registration Page Information Disclosure]
Points: 17
