Cobalt Vulnerability Wiki

V2 - Authentication

Mail Bombing in the Contact Form

POC

1. Submit the contact form and intercept the request with Burp Suite (Proxy).


2. Send the intercepted request to Intruder.


3. Replay the same request 20-30 times without changing any parameter.


4. Check the mailbox: every replayed request produces a separate e-mail, because the form has no rate limiting or CAPTCHA. An attacker can use this to flood a mailbox (Denial of Service) or to exhaust the application's mail-sending capacity.



Impact

Low



Likelihood

Medium-Low

