Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneVaaliciH1:906226
HistoryJun 23, 2020 - 4:04 p.m.

Courier: disable test send feature if user's email address isn't verified

2020-06-2316:04:24
vaalici
hackerone.com
141
JSON

Summary:

There is no mechanism to limit the request in places while send the preview email

Steps To Reproduce:

There is a weak account registration process, which allow user to register and login without any email confirmation.
L’say say for example that i’m the user A that want to send a phishing email or perform DOS against a targeted user

  1. Registration process by using the victim email address
  2. Craft the email example
  3. Proced with the sent to me functionality to try the email send
  4. Intercept the request with a Proxy (Burp)
  5. Resend the request any times you want

Supporting Material/References:

CWE-400: Uncontrolled Resource Consumption
https://cwe.mitre.org/data/definitions/400.html

Below i have attached the evidence for the POC

Impact

The most common result of resource exhaustion is denial of service.

JSON