Improper authentication (No Rate Limit on Forget Password)
So, in this blog I'm going to show you a demonstration of the No Rate Limit attack. I was testing on a private website; unfortunately, I can't reveal the name, but you will learn about or easily understand this attack.
Rate limiting is a strategy for limiting how many requests a client may send to a service within a given period. On each request, a rate limiting algorithm checks whether the caller (identified by session, IP address or target account) has already used up its allowance, using counters kept in a cache such as the session store, and throttles it if so.
If a client has made too many requests within a given timeframe, HTTP servers should respond with status code 429: Too Many…
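As an added example, not code from the post or from the site it tested, here is what the missing protection looks like on a forgot-password endpoint: a sliding-window limiter keyed both by source IP and by the target account, returning 429 with a Retry-After header once either allowance is used up. The handler, the limits (20 per hour per IP, 5 per hour per account) and the sample IPs and addresses are assumptions chosen for illustration.

```python
import math
import time
from collections import defaultdict, deque
from typing import Optional


class SlidingWindowRateLimiter:
    """Allow at most `limit` hits per `window` seconds for each key."""

    def __init__(self, limit: int, window: float):
        self.limit = limit
        self.window = window
        self._hits = defaultdict(deque)  # key -> timestamps of hits still inside the window

    def _prune(self, key: str, now: float):
        hits = self._hits[key]
        # Drop timestamps that have fallen out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        return hits

    def allow(self, key: str, now: Optional[float] = None) -> bool:
        """Record a hit for `key` and return True, or return False (recording nothing) if over the limit."""
        now = time.monotonic() if now is None else now
        hits = self._prune(key, now)
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True

    def retry_after(self, key: str, now: Optional[float] = None) -> int:
        """Whole seconds until the oldest hit in the window expires; 0 if the key is under its limit."""
        now = time.monotonic() if now is None else now
        hits = self._prune(key, now)
        if len(hits) < self.limit:
            return 0
        return max(1, math.ceil(self.window - (now - hits[0])))


# Limits are assumptions for this example, not values from the post.
IP_LIMITER = SlidingWindowRateLimiter(limit=20, window=3600)       # per source IP
ACCOUNT_LIMITER = SlidingWindowRateLimiter(limit=5, window=3600)   # per target account


def handle_forgot_password(client_ip: str, email: str, now: Optional[float] = None):
    """Hypothetical forgot-password endpoint. Returns (status, headers, body)."""
    ip_key = f"ip:{client_ip}"
    acct_key = f"acct:{email.strip().lower()}"   # normalise so Victim@Example.com == victim@example.com
    # Both counters are charged on every attempt. An attacker rotating target addresses
    # still hits the per-IP cap; one rotating IPs still hits the per-account cap.
    ip_ok = IP_LIMITER.allow(ip_key, now)
    acct_ok = ACCOUNT_LIMITER.allow(acct_key, now)
    if not (ip_ok and acct_ok):
        wait = max(IP_LIMITER.retry_after(ip_key, now),
                   ACCOUNT_LIMITER.retry_after(acct_key, now))
        return 429, {"Retry-After": str(wait)}, "Too Many Requests"
    # send_reset_email(email) would go here. The reply is identical whether or not the
    # address is registered, so the endpoint cannot be used to enumerate accounts.
    return 200, {}, "If that address is registered, a reset link has been sent."


if __name__ == "__main__":
    # Constructed burst: six reset requests for one account from one IP within a few seconds.
    for t in range(6):
        status, headers, _ = handle_forgot_password("203.0.113.7", "victim@example.com", now=float(t))
        print(t, status, headers)
```

Passing `now` explicitly keeps the limiter testable; in production leave it unset and the monotonic clock is used. The per-account counter is the one that matters for this bug class, because the attacker can change source IP far more easily than the victim's e-mail address.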
This is my first blog, so in this blog I'm gonna show you a proper demonstration of a Cross-Site Scripting attack in the User-Agent header. I'm using a private website which I can't reveal, but you will learn about or easily understand this attack.
What is a User-Agent?
When your browser connects to a website, it includes a User-Agent field among its HTTP request headers. The contents of the User-Agent field vary from browser to browser: each browser has its own, distinctive user agent. …
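Because the User-Agent value is chosen entirely by the client, a page that echoes it back unescaped is injectable in the same way as any other reflected parameter. The following is an added example, not code from the post or the tested site: a server-side view that reflects the header into two HTML contexts (element body and attribute value), first without escaping and then with it. The page layout and the hostile header value are constructed for illustration.

```python
import html

# Constructed request headers: a normal browser, and a client whose User-Agent carries
# a payload that closes an attribute and injects a script element.
NORMAL_HEADERS = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"}
HOSTILE_HEADERS = {"User-Agent": '"><script>alert(document.domain)</script>'}


def render_visitor_info_vulnerable(headers: dict) -> str:
    """Reflects the raw header into the page; whatever the client sent becomes markup."""
    ua = headers.get("User-Agent", "")
    return (
        f"<p>Your browser: {ua}</p>\n"
        f'<input type="hidden" name="ua" value="{ua}">'
    )


def render_visitor_info_safe(headers: dict) -> str:
    """Same page, but the value is HTML-escaped (quotes included) before it is placed in either context."""
    ua = html.escape(headers.get("User-Agent", ""), quote=True)
    return (
        f"<p>Your browser: {ua}</p>\n"
        f'<input type="hidden" name="ua" value="{ua}">'
    )


def contains_raw_script(page: str) -> bool:
    """Crude check used here to show whether an unescaped <script> tag reached the output."""
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_visitor_info_vulnerable(HOSTILE_HEADERS))
    print(render_visitor_info_safe(HOSTILE_HEADERS))
```

`quote=True` matters for the attribute context: escaping only `<` and `>` would still let `"` terminate the `value` attribute and start a new one. The same escaping is needed anywhere a stored User-Agent is later displayed, such as a login-history or admin page, since the header is frequently logged and rendered long after the request.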