Today I found a cool personal website and I was really amazed by the design. While looking at the other pages, I found that the admin used AJAX calls for the testimonial-like section; after digging through the console, I found that it was an unsecured AJAX call.
I tried to post the data from the form and it worked; then I posted via the Postman client and the post succeeded.
Then I collected the address, form attributes and methods, and planned to attempt the call with yet another simple call of my own.
Amazingly, it worked. Then I planned to post with iteration; I started with 10 and then tried with some big numbers.
I got all the responses posted, and then a few minutes later the target site returned an Internal Server Error, then threw the error: exceeded maximum connections.
Here's the code that I tried with:
Moral:
Never believe anonymous users!