
Description:
I was checking some mechanisms of my target website to understand how its rate limiting works. First, I tested changing the email. When a user changes their email, a 6-digit PIN is sent to their primary email. For example, if your email was john@hacker.com and you changed it to rose@hacker.com, the OTP would be sent to john@hacker.com. Once confirmed, rose@hacker.com would become your new email.
Discovery:
First I tried to brute force the OTP using Intruder, but after every 60 requests I got rate limited for 30 seconds, so I created a Python script to automate this.

https://github.com/republic101/test/blob/main/exploit.py
Exploit:
To test my theory, I created a simple Python script to automate the brute-force attack. The attack workflow was straightforward:
1. Send multiple OTP verification requests until the rate limit kicked in.
2. Once blocked, use a bypass method to continue submitting requests without detection.
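The weakness the workflow above relies on is that the rate limit is attached to the client (a pause after 60 requests) rather than to the OTP itself, so the guess budget against a single 6-digit code is bounded only by the code's lifetime and how well the throttle holds. The following is an added defensive example, not the author's script from the linked repository and not the target site's code: a server-side verifier that burns the pending email change after a small number of wrong guesses, enforces single use and expiry, and a helper that quantifies how many guesses a throttle-only design allows within the code's lifetime. `MAX_FAILED_ATTEMPTS`, `OTP_TTL_SECONDS` and the `guesses_under_throttle` model are assumptions chosen for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict

# Assumed policy values for this example, not the target site's settings.
MAX_FAILED_ATTEMPTS = 5   # wrong guesses tolerated before the code is burned
OTP_TTL_SECONDS = 600     # code lifetime; a fresh code is needed after this


@dataclass
class PendingEmailChange:
    account_id: str
    new_email: str
    otp: str
    issued_at: float
    failed_attempts: int = 0


class OtpVerifier:
    """Server-side OTP check whose attempt budget is tied to the code, not the client."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending: Dict[str, PendingEmailChange] = {}

    def issue(self, account_id: str, new_email: str) -> str:
        # 6-digit PIN, as described in the post; secrets avoids predictable codes.
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[account_id] = PendingEmailChange(
            account_id, new_email, otp, self._now()
        )
        return otp  # a real system mails this to the *current* address only

    def verify(self, account_id: str, guess: str) -> str:
        """Returns 'ok', 'wrong', 'locked', 'expired' or 'no_pending_change'."""
        rec = self._pending.get(account_id)
        if rec is None:
            return "no_pending_change"
        if self._now() - rec.issued_at > OTP_TTL_SECONDS:
            del self._pending[account_id]
            return "expired"
        # Constant-time comparison so response timing does not leak digits.
        if hmac.compare_digest(rec.otp, guess):
            del self._pending[account_id]   # single use: the code is consumed
            return "ok"
        rec.failed_attempts += 1
        if rec.failed_attempts >= MAX_FAILED_ATTEMPTS:
            # Budget exhausted: burn the code; the user must request a new one.
            del self._pending[account_id]
            return "locked"
        return "wrong"


def guesses_under_throttle(burst: int, pause_seconds: int, ttl_seconds: int) -> int:
    """Upper bound on guesses a client-side throttle alone permits during one code's lifetime.

    Model (an assumption): each cycle allows `burst` requests and is then paused
    for `pause_seconds`, so within `ttl_seconds` there are ttl // pause cycles.
    With the post's figures (60 requests, 30 s pause) and a 600 s lifetime this
    is 1200 guesses against a space of 10**6, versus MAX_FAILED_ATTEMPTS with a
    per-code budget.
    """
    return (ttl_seconds // pause_seconds) * burst


if __name__ == "__main__":
    v = OtpVerifier()
    code = v.issue("user-1", "rose@hacker.com")
    print("wrong guess ->", v.verify("user-1", "000000" if code != "000000" else "000001"))
    print("right guess ->", v.verify("user-1", code))
    print("replay      ->", v.verify("user-1", code))
    print("throttle-only guesses per code:", guesses_under_throttle(60, 30, OTP_TTL_SECONDS))
```

The design point is that the limit must be a property of the pending change record (attempts, expiry, single use), which the server controls, rather than of the request source, which the client controls; detection-wise, a spike in `locked` outcomes for one account is a far cleaner signal than a spike in HTTP 429s spread across addresses.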