Improper authentication (No Rate Limit on Forget Password)


So, in this blog I’m going to show you a demonstration of the No Rate Limit attack. I was testing a private website; unfortunately, I can’t reveal the name, but you will learn about or easily understand this attack.

Rate limiting is a strategy for limiting network traffic. A rate-limiting algorithm checks whether a user session has to be limited, based on the information in the session cache.
If a client makes too many requests within a given timeframe, HTTP servers should respond with status code 429: Too Many…

Today XSS is often cited as the number-one security threat on the web

This is my first blog, so in this blog I’m gonna show you a proper demonstration of a Cross-Site Scripting attack in the User-Agent header. I’m using a private website which I can’t reveal, but you will learn about or easily understand this attack.

What is User-Agent?

When your browser connects to a website, it includes a User-Agent field in its HTTP header. The contents of the user agent field vary from browser to browser. Each browser has its own, distinctive user agent. …

Syed Munib Ahmed

I’m a website penetration tester and also work with HackerOne and Bugcrowd. Website security is my life ^_^
