docs

vulnerability brute force
severity 7.3
language javascript
registry other

✍️ Description

Hello there, I discovered a brute force vulnerability that can lead to an account takeover.

🕵️‍♂️ Proof of Concept

1) Go to https://demo.teedy.io/#/login
2) Enter invalid creds, capture the login request, and send it to Burp Intruder
3) Add the password as a position in the Positions tab
4) Add a password list in the Payloads tab
5) Start the attack

If you get a 200 OK status, it means the creds are valid; otherwise it will show 403, which means invalid creds.

HTTP Request:
https://pastebin.com/Vb6Eb1dW
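
One way to close the gap described above is to throttle failed logins per account and per source address. The sketch below is an added example, not part of the original report and not Teedy's code. `LoginThrottle`, `handleLogin`, the thresholds and the `checkPassword` callback are all hypothetical names and values chosen for illustration.

```javascript
// Added example: sliding-window throttle for failed logins (all names hypothetical).
class LoginThrottle {
  constructor({ maxFailures = 5, windowMs = 15 * 60 * 1000, now = Date.now } = {}) {
    this.maxFailures = maxFailures;
    this.windowMs = windowMs;
    this.now = now;              // injectable clock, so the logic can be tested
    this.failures = new Map();   // key -> array of failure timestamps (ms)
  }

  // Track the targeted account and the source address separately.
  keys(username, ip) {
    return [`user:${String(username).toLowerCase()}`, `ip:${ip}`];
  }

  // Drop timestamps that fell out of the window and return the rest.
  recent(key) {
    const cutoff = this.now() - this.windowMs;
    const kept = (this.failures.get(key) || []).filter((t) => t > cutoff);
    if (kept.length) this.failures.set(key, kept);
    else this.failures.delete(key);
    return kept;
  }

  isBlocked(username, ip) {
    return this.keys(username, ip).some((k) => this.recent(k).length >= this.maxFailures);
  }

  recordFailure(username, ip) {
    for (const k of this.keys(username, ip)) {
      const list = this.recent(k);
      list.push(this.now());
      this.failures.set(k, list);
    }
  }
}

// Returns the HTTP status the login endpoint should send.
// checkPassword stands in for the application's own credential check (assumed).
function handleLogin(throttle, checkPassword, { username, password, ip }) {
  // Refuse before verifying the password, so a throttled client gets
  // neither the 200 nor the 403 answer about its guess.
  if (throttle.isBlocked(username, ip)) return 429;
  if (checkPassword(username, password)) return 200;
  throttle.recordFailure(username, ip);
  return 403;
}
```

A per-account counter lets anyone lock out a known username for the length of the window, so deployments often pair it with a CAPTCHA or second factor rather than a hard block.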

💥 Impact

This vulnerability is capable of...

References