API Attacks - Unrestricted Resource Consumption

Hi,

Could anyone give me some advice regarding the task in this section? The hint for the task, “Focus on the POST /api/v1/authentication/customers/passwords/resets/sms-otps endpoint,” doesn’t seem to fit this section very well.
I tried fuzzing the SupplierCompaniesCertificatesOfIncorporations folder but found nothing.

1 Like

The hint is actually correct (you will need a valid customer email from the previous sections); check attack scenario #1 here: API4:2023 Unrestricted Resource Consumption - OWASP API Security Top 10

1 Like
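To make the OWASP scenario concrete, here is an added example (my own toy model, not code from the lab or from OWASP) of the endpoint the hint names. Every accepted reset request for a known customer email costs one SMS, so a handler with no throttling is API4:2023 Unrestricted Resource Consumption; the second class adds a sliding-window limit per email and per source IP. The endpoint path is the one in the hint; the request body shape (`{"email": ...}`), the sample customer, the limits and the SMS gateway are assumptions for illustration only.

```python
"""Added example, not part of the original thread: a toy model of the
password-reset SMS OTP endpoint, unthrottled versus rate limited.
Assumptions (not from the lab): body shape {"email": ...}, the sample
customer below, the SMS cost and the limit values."""
from collections import defaultdict, deque
from dataclasses import dataclass, field

ENDPOINT = "POST /api/v1/authentication/customers/passwords/resets/sms-otps"
# Constructed sample data; in the lab you need a real customer email.
KNOWN_CUSTOMERS = {"customer@example.com": "+15550000001"}


@dataclass
class SmsGateway:
    """Stand-in for a paid SMS provider; counts what the attack costs."""
    cost_per_sms: float = 0.05
    sent: list = field(default_factory=list)

    def send(self, phone, text):
        self.sent.append((phone, text))

    @property
    def cost(self):
        return round(len(self.sent) * self.cost_per_sms, 2)


class VulnerableOtpReset:
    """Unthrottled handler: every request for a known email sends an SMS."""
    def __init__(self, gateway):
        self.gateway = gateway

    def handle(self, body, source_ip, now):
        phone = KNOWN_CUSTOMERS.get(body.get("email", ""))
        if phone is not None:
            self.gateway.send(phone, "Your reset code is 123456")
        return 202  # same answer for unknown emails, so nothing is enumerable


class ThrottledOtpReset(VulnerableOtpReset):
    """Same handler with sliding-window limits per email and per source IP."""
    def __init__(self, gateway, per_email=3, per_ip=10, window_s=3600):
        super().__init__(gateway)
        self.per_email, self.per_ip, self.window_s = per_email, per_ip, window_s
        self._hits = defaultdict(deque)  # key -> timestamps of recent requests

    def _over_limit(self, key, limit, now):
        q = self._hits[key]
        while q and now - q[0] >= self.window_s:  # drop hits outside the window
            q.popleft()
        if len(q) >= limit:
            return True
        q.append(now)
        return False

    def handle(self, body, source_ip, now):
        email = body.get("email", "").lower()
        # Count requests for unknown emails too, so the limiter does not
        # leak which emails exist.
        if self._over_limit(("ip", source_ip), self.per_ip, now) or \
           self._over_limit(("email", email), self.per_email, now):
            return 429
        return super().handle(body, source_ip, now)


def flood(handler, email, n, source_ip="198.51.100.7", start=0.0, gap_s=0.1):
    """Replay the attack: n reset requests for one email, gap_s seconds apart.
    Returns (sms_sent, status_codes) so both handlers can be compared."""
    before = len(handler.gateway.sent)
    codes = [handler.handle({"email": email}, source_ip, start + i * gap_s)
             for i in range(n)]
    return len(handler.gateway.sent) - before, codes


if __name__ == "__main__":
    for cls in (VulnerableOtpReset, ThrottledOtpReset):
        gw = SmsGateway()
        sent, codes = flood(cls(gw), "customer@example.com", 50)
        print(f"{ENDPOINT} via {cls.__name__}: {sent} SMS sent, "
              f"{codes.count(429)} x 429, cost ${gw.cost}")
```

Running it shows the point of the task: 50 requests against the unthrottled handler send 50 SMS, while the throttled one sends 3 and answers 429 for the rest. The limiter counts requests for unknown emails as well, so it does not turn into an email-enumeration oracle.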

Oh, I got it. Captured the flag. Thanks a lot.

1 Like

Go for a valid customer email, not the supplier email, and request a password reset multiple times.

Nice. :smile: congrats