search

No Rate-limit on Promo

hashtag
Steps To Reproduce:

    1. Go to URL - https://abc.target.com/product/121/checkout/promo

    1. Navigate to Offer/Promo/Coupon code option

    1. Enter the random digit

    1. Intercept the Request and Send to intruder

    1. Apply payload & Start attack

hashtag
Impact :

  • Financial Loss, an attacker can easily bruteforce all promo/coupon/Offer codes.

PreviousNo Rate-limit on Invite UserNextNo Rate-limit on Verify-email

Last updated

Was this helpful?