No rate limiting in starting up a bot.
State Resolved (Closed)
Disclosed publicly 2018-10-09T03:59:38.038Z
Reported To
Weakness none
Bounty $100


Timeline
submitted a report to Chaturbate.
2018-10-03T12:36:46.815Z

Hi security team,
I was able to start up a bot numerous times.

  1. Go to https://chaturbate.com/b/username
  2. Choose a bot and capture the request.
  3. Send to intruder and repeat the step numerous times.
  4. I did this 196 times.
  5. I was able to activate a bot numerous times.
  6. My room was flooded with messages, which I will show you in the screenshot below. Thanks.

Impact

Bruteforcing.

Regards,
Frans

williammmllc Activities::ReportSeverityUpdated
2018-10-04T21:28:00.447Z


williammmllc Activities::BugTriaged
2018-10-04T21:28:03.327Z
Thanks for the report, there's no real harm here but we'll add a limit.
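
One way to implement the limit mentioned in the triage comment above, as an added example that is not Chaturbate's code or part of the original report: a sliding-window limiter on bot start requests, keyed per room and bot and run against 196 replays of the same request. The class name, the policy of 3 starts per 60 seconds, and the room and bot names are assumptions.

```python
import time
from collections import defaultdict, deque


class BotStartLimiter:
    """Sliding-window limit on bot start requests, keyed per (room, bot)."""

    def __init__(self, max_starts=3, window_seconds=60.0, clock=time.monotonic):
        self.max_starts = max_starts          # assumed policy value
        self.window_seconds = window_seconds  # assumed policy value
        self.clock = clock
        self._starts = defaultdict(deque)     # key -> times of accepted starts

    def allow(self, room, bot):
        """Return (allowed, retry_after_seconds) for one start request."""
        now = self.clock()
        stamps = self._starts[(room, bot)]
        # Drop accepted starts that have aged out of the window.
        while stamps and now - stamps[0] >= self.window_seconds:
            stamps.popleft()
        if len(stamps) >= self.max_starts:
            # Rejections are not recorded, so replays cannot extend the lockout.
            return False, self.window_seconds - (now - stamps[0])
        stamps.append(now)
        return True, 0.0


def replay(limiter, room, bot, count, interval, clock_state):
    """Feed `count` identical start requests spaced `interval` seconds apart."""
    accepted = 0
    for _ in range(count):
        ok, _retry = limiter.allow(room, bot)
        accepted += ok
        clock_state["t"] += interval
    return accepted


def demo():
    clock_state = {"t": 0.0}                  # constructed fake clock
    limiter = BotStartLimiter(clock=lambda: clock_state["t"])
    # Constructed input: 196 replays of one request, 0.1 s apart.
    burst = replay(limiter, "example_room", "example_bot", 196, 0.1, clock_state)
    clock_state["t"] += 60.0                  # let the window expire
    later, _ = limiter.allow("example_room", "example_bot")
    return burst, later                       # starts accepted in burst, next start


if __name__ == "__main__":
    print(demo())
```

The check belongs on the server side of the start action itself, so that replaying the captured request is rejected regardless of which client sends it.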


williammmllc Activities::ReportSeverityUpdated
2018-10-04T21:28:10.457Z


Activities::BountyAwarded
2018-10-04T21:28:32.603Z


cunn Activities::Comment
2018-10-04T22:22:14.997Z
Thanks for the bounty sir. I'm grateful.


williammmllc Activities::BugResolved
2018-10-06T00:05:37.354Z
This is now resolved, can you confirm? Thanks again for the report!


cunn Activities::Comment
2018-10-06T06:55:10.905Z
Good job sir. I could confirm the fix. Can we disclose this now?


williammmllc Activities::AgreedOnGoingPublic
2018-10-07T00:17:32.209Z
Sure


cunn Activities::Comment
2018-10-07T00:21:44.798Z
Yeah


williammmllc Activities::ManuallyDisclosed
2018-10-09T03:59:37.985Z