Summary

  • A bug bounty hunter has highlighted a vulnerability common in mailing services that allows unlimited emails to be sent to any inbox, which could be used for hacking domains or causing denial of service for email infrastructure.
  • Given this lack of oversight, the hunter suggests that the information shown to users when they request a confirmation email (to verify a new account, for example) could be improved so that users aren’t tempted to spam the system with endless requests.
  • As things stand, attackers could abuse the lack of rate limiting on some endpoints to damage domain reputation, consume server resources and send vast numbers of emails to any inbox.
  • The vulnerability was discovered on an endpoint at https://app.target.com/confirm-email, and the issue has since been fixed.
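The missing control in the summary above is a per-recipient rate limit on the confirmation-email endpoint. As an added example (not code from the original report or from the affected service), the block below shows a sliding-window limiter in front of such a handler, with the unlimited behaviour the report describes kept as a switchable "before" state. The `/confirm-email` path comes from the summary; the limit of three sends per address per hour, the in-memory store, the response shape and the `FakeClock` helper are assumptions made for this illustration.

```python
"""Added example: rate limiting a confirmation-email endpoint per recipient.
Not the original report's code; limits, store and request shape are assumed."""
import math
import time
from collections import defaultdict, deque

# Assumed policy: at most 3 confirmation emails per recipient in any 1-hour window.
MAX_SENDS_PER_WINDOW = 3
WINDOW_SECONDS = 3600


class FakeClock:
    """Controllable clock so window expiry can be exercised offline (test aid)."""

    def __init__(self, start=0.0):
        self.now = float(start)

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class ConfirmEmailService:
    """Handler for POST /confirm-email (path from the summary), with or without a limiter."""

    def __init__(self, rate_limited=True, clock=time.monotonic):
        self.rate_limited = rate_limited
        self._clock = clock
        self._recent = defaultdict(deque)  # normalised recipient -> send timestamps
        self.outbox = []                   # stand-in for the real mail transport

    def _check(self, recipient):
        """Sliding-window check. Returns (allowed, seconds_until_next_allowed)."""
        now = self._clock()
        q = self._recent[recipient.strip().lower()]
        # Discard sends that have aged out of the window.
        while q and now - q[0] >= WINDOW_SECONDS:
            q.popleft()
        if len(q) >= MAX_SENDS_PER_WINDOW:
            return False, math.ceil(WINDOW_SECONDS - (now - q[0]))
        q.append(now)
        return True, 0

    def confirm_email(self, recipient):
        """Vulnerable mode (rate_limited=False): every request sends a mail.
        Hardened mode: excess requests get 429 with a Retry-After hint."""
        if self.rate_limited:
            allowed, retry_after = self._check(recipient)
            if not allowed:
                return {"status": 429, "sent": False, "retry_after": retry_after}
        self.outbox.append(recipient)
        return {"status": 200, "sent": True}


def deliveries_for(attempts, rate_limited, clock=time.monotonic):
    """Issue `attempts` requests for one constructed inbox; return emails actually sent."""
    svc = ConfirmEmailService(rate_limited=rate_limited, clock=clock)
    for _ in range(attempts):
        svc.confirm_email("user@example.invalid")  # constructed recipient
    return len(svc.outbox)


if __name__ == "__main__":
    print("unlimited:", deliveries_for(20, rate_limited=False))  # 20
    print("limited:  ", deliveries_for(20, rate_limited=True))   # 3
```

In production the counters would live in a shared store (a cache with TTLs, for instance) rather than process memory, and the same check is worth applying per source IP and per session as well as per recipient, since the report's concern is both inbox flooding and server/domain-reputation exhaustion. The 429 response also gives the front end something concrete to show the user, which addresses the second bullet: a "try again in N seconds" message is what keeps legitimate users from hammering the button.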

By Ehtesham Ul Haq

Original Article