No Rate-Limit on Promo

Steps To Reproduce:

    1. Go to URL - https://abc.target.com/product/121/checkout/promo
    2. Navigate to the Offer/Promo/Coupon code option
    3. Enter a random digit
    4. Intercept the request and send it to Intruder
    5. Apply the payload and start the attack

Impact:

  • Financial loss: an attacker can easily brute-force all promo/coupon/offer codes.
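
The control this finding reports as missing can be sketched as a limit on failed promo-code attempts. The following is an added example, not code from the original page or from any real checkout service; `PromoGuard`, the thresholds and the sample codes are assumptions chosen for illustration.

```python
import hmac
import time
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed policy: failed guesses allowed per window
WINDOW_SECONDS = 600    # assumed policy: 10-minute sliding window
VALID_CODES = {"SAVE10-7Q4M", "WELCOME-K2ZD"}  # constructed sample codes


class PromoGuard:
    """Counts failed promo-code attempts per account and per client IP."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.clock = clock                   # injectable so tests control time
        self.failures = defaultdict(deque)   # key -> timestamps of failures

    def _blocked(self, key, now):
        q = self.failures[key]
        while q and now - q[0] >= self.window:   # drop failures outside window
            q.popleft()
        return len(q) >= self.max_failures

    def redeem(self, account_id, client_ip, code):
        """Return 'ok', 'invalid' or 'rate_limited' for one attempt."""
        now = self.clock()
        keys = (("acct", account_id), ("ip", client_ip))
        # Check the limit before validating the code, so a blocked client
        # learns nothing about whether a guess was correct.
        if any(self._blocked(k, now) for k in keys):
            return "rate_limited"
        if any(hmac.compare_digest(code.encode(), c.encode())
               for c in VALID_CODES):
            return "ok"
        # Record the failure against both keys: switching accounts from one
        # IP, or switching IPs on one account, does not reset the counter.
        for k in keys:
            self.failures[k].append(now)
        return "invalid"
```

In a multi-instance deployment the counters would live in a shared store rather than process memory, and a blocked attempt should also be logged so repeated guessing against the promo endpoint is visible to monitoring.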