ApostropheCMS is a content management system (CMS) for Node.js. It supports in-context editing, schema-driven content types, flexible widgets and a great deal more. This module contains everything necessary to build a website with ApostropheCMS. This package lacks rate-limiting, which allows an attacker to brute-force admin login credentials.
Set up ApostropheCMS by following these instructions: https://docs.apostrophecms.org/getting-started/setting-up-your-environment.html
sudo npm i -g apostrophe-cli
apos create-project test-project
cd test-project
npm i
node app.js apostrophe-users:add admin admin
node app.js
Open http://localhost:3000/login and capture the login POST request in Burp.
Because the login endpoint applies no rate-limiting, an attacker is able to perform a brute-force attack against it and find the admin credentials.
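As an added, defensive illustration that is not part of this report or of the ApostropheCMS code base: a fixed-window limiter for the login POST described above, keyed by client IP and submitted username. The window length, the attempt cap and the Express-style req/res fields are assumptions.

```javascript
// Added example, not ApostropheCMS project code: a fixed-window limiter
// for the POST /login route. Window size, attempt cap and the Express-style
// req/res fields used below are assumptions.
const WINDOW_MS = 15 * 60 * 1000; // 15-minute window
const MAX_ATTEMPTS = 5;           // failed logins allowed per key per window

function createLoginLimiter(windowMs = WINDOW_MS, maxAttempts = MAX_ATTEMPTS) {
  const buckets = new Map(); // key -> { count, resetAt }

  function bucketFor(key, now) {
    let b = buckets.get(key);
    if (!b || now >= b.resetAt) { // first attempt, or window expired
      b = { count: 0, resetAt: now + windowMs };
      buckets.set(key, b);
    }
    return b;
  }

  return {
    // True while the key still has attempts left in the current window.
    isAllowed(key, now = Date.now()) {
      return bucketFor(key, now).count < maxAttempts;
    },
    // Record a failed login; returns the attempts remaining in the window.
    recordFailure(key, now = Date.now()) {
      const b = bucketFor(key, now);
      b.count += 1;
      return Math.max(0, maxAttempts - b.count);
    },
    // Clear the key after a successful login so legitimate users recover.
    reset(key) { buckets.delete(key); },
  };
}

// Express-style middleware for the login route. Keying on IP *and* username
// means one client cannot spray a single account indefinitely, while a
// remote client cannot lock the real admin out from every address.
function loginRateLimit(limiter) {
  return function (req, res, next) {
    const username = (req.body && req.body.username) || '';
    const key = `${req.ip}|${username}`;
    if (!limiter.isAllowed(key)) {
      res.status(429).set('Retry-After', '900').send('Too many login attempts');
      return;
    }
    req.loginLimiterKey = key; // the login handler calls recordFailure/reset
    next();
  };
}
```

The login handler itself still has to call recordFailure on a bad password and reset on success; the middleware only decides whether an attempt may be made at all.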