This is a POC for a bug bounty where the app uses a graphql endpoint for user managment. In this instance there is no rate limiting or target restrictions on emails that are sent for verification of email. This poses external risk for the company hosting it from abuse reports and as well a potential service degredation of the app itself, possibly even complete DoS.
sandershark / spam_poc Goto Github PK
View Code? Open in Web Editor NEWemail_spam_poc.py