No Rate-limit on Promo

Steps To Reproduce:

1. Go to URL - https://abc.target.com/product/121/checkout/promo
1. Navigate to Offer/Promo/Coupon code option
1. Enter the random digit
1. Intercept the Request and Send to intruder
1. Apply payload & Start attack

Impact :

Financial Loss, an attacker can easily bruteforce all promo/coupon/Offer codes.

PreviousNo Rate-limit on Invite User NextNo Rate-limit on Verify-email

Last updated 1 year ago

Was this helpful?