XVIDEOS: Lack of Rate Limiting on Account Creation Endpoint
Description
The account creation process of www.xvideos.red was found to lack proper rate limiting mechanisms on the /account/signinform/premium_tour_login endpoint. This security flaw allowed for automated creation of multiple user accounts without any restrictions. The vulnerability could be exploited using tools such as Burp Suite's Intruder to generate a large number of fake accounts…
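The missing control, sketched as an added example (not code from the report or from the site): a per-client sliding-window limiter placed in front of the account creation endpoint, replayed over constructed traffic. The limit of 3 signups per hour, keying on client IP, and the sample requests are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

SIGNUP_PATH = "/account/signinform/premium_tour_login"  # endpoint named on the page


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each key."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self.hits = defaultdict(deque)  # key -> timestamps of accepted requests

    def allow(self, key, now):
        q = self.hits[key]
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False  # rejected attempts are not recorded
        q.append(now)
        return True


def replay(requests, limit=3, window=3600):
    """Return the HTTP status a limited endpoint would give each request."""
    limiter = SlidingWindowLimiter(limit, window)
    statuses = []
    for ts, ip, method, path in requests:
        if method == "POST" and path == SIGNUP_PATH:
            statuses.append(200 if limiter.allow(ip, ts) else 429)
        else:
            statuses.append(200)  # other routes are out of scope here
    return statuses


# Constructed sample traffic: (unix time, client IP, method, path).
SAMPLE = [(1000 + i, "203.0.113.7", "POST", SIGNUP_PATH) for i in range(6)]
SAMPLE += [
    (1006, "198.51.100.20", "POST", SIGNUP_PATH),        # a different client
    (1007, "203.0.113.7", "GET", "/"),                   # not a signup request
    (1000 + 3600, "203.0.113.7", "POST", SIGNUP_PATH),   # window has rolled over
]

if __name__ == "__main__":
    for req, status in zip(SAMPLE, replay(SAMPLE)):
        print(status, *req)
```

In a deployment with more than one worker process, the counters need shared storage rather than in-process memory, otherwise each worker enforces its own separate limit.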