Skip to content

Commit f1d98f9

Browse files
KathanP19KathanP19
authored
Merge pull request KathanP19#196 from themarkib/patch-1
added new dos method
2 parents 2dddbf4 + 3d84365 commit f1d98f9

File tree

1 file changed

+25
-0
lines changed

1 file changed

+25
-0
lines changed

Application_Level_DoS/ALD_Methods.md

+25
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,27 @@ Search A's account from B's account either it will
4444
⚠️`it's not recommended using more than 5000 characters as password.`
4545
- Here is the [Password.txt](https://raw.githubusercontent.com/KathanP19/HowToHunt/master/Application_Level_DoS/Password.txt)
4646

47+
## 4. Permanent DOS to victim
48+
This is not Application Level DOS but a Permanent DOS to victim.
49+
In some website user get blocked after trying to loging in with wrong credidentials.We will untilize this feature as bug :D.
50+
51+
**How to check**.
52+
- Go to login page of example.com.
53+
- Now enter valid account email and wrong password .
54+
- Try to login with these details for few times(at least 10-20 times).You can use repeater or intruder in burpsuite.
55+
- If your account get blocked, check the blocking time period.If the blocking time period is more than 30 min .You can report it.
56+
57+
**Point to Remember**
58+
- Make sure there is no captcha during login because we cann't make any automated tool to loop the request.
59+
- Make sure Old session are expired after being blocked.
60+
61+
**What is priority of this bug?**
62+
- If the user get permanently block after some wrong attempts this is considered as P2.
63+
- If the user get temporarly block this is considered as P3/P4.
64+
65+
During report try to add impact by saying that you can permanently block user account by looping this request with some intervals.
66+
67+
4768
## Reference :
4869
\- Email Bounce Issues
4970
* [https://medium.com/bugbountywriteup/an-unexpected-bounty-email-bounce-issues-b9f24a35eb68](https://medium.com/bugbountywriteup/an-unexpected-bounty-email-bounce-issues-b9f24a35eb68)
@@ -58,6 +79,10 @@ Search A's account from B's account either it will
5879
- [https://medium.com/@shahjerry33/long-string-dos-6ba8ceab3aa0](https://medium.com/@shahjerry33/long-string-dos-6ba8ceab3aa0)
5980
- https://hackerone.com/reports/764434
6081

82+
\- Permanent DOS to victim
83+
- https://youtu.be/5drIMXCQuNw
84+
6185
## Author:
6286
* [Keshav Malik](https://twitter.com/g0t_rOoT_)
6387
* [Fani Malik](https://twitter.com/fanimalikhack)
88+

0 commit comments

Comments
 (0)