PHPJabbers Cleaning Business Software Rate Limiting Vulnerability in Forgot Password Feature

Vulnerability

A denial-of-service vulnerability has been identified in PHPJabbers Cleaning Business Software version 1.0. The 'Forgot Password' feature applies no rate limiting to password reset requests, so an attacker who knows a registered user's email address can submit the form repeatedly and flood that mailbox with reset emails. The form is unauthenticated by design, so the attacker needs no account on the site, and the volume of mail is bounded only by how fast the requests can be sent and how fast the application can deliver them.

Impact

Exploitation results in a denial-of-service condition against the affected user's mailbox: an overwhelming volume of password reset emails can bury legitimate messages, including any genuine reset email the user actually requested. The victim's mailbox, not the application, is the target, and the only precondition is knowledge of a registered email address.

Reproduction

To reproduce, open the 'Forgot Password' feature in PHPJabbers Cleaning Business Software version 1.0 and submit a password reset request for an email address that is already registered on the site. Capture the resulting HTTP request with an intercepting proxy such as Burp Suite and send it to the Intruder tab, where it can be replayed automatically a large number of times in a short period (the request does not need to change between submissions, so a null-payload set with a high request count is sufficient). Confirm the flaw by observing that every replayed request returns the same success response and that the recipient's inbox receives one reset email per request, with no throttling or cooldown applied by the server.
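The following is an added example written for this entry; it is not PHPJabbers code and does not reflect the product's internals. It models the advisory's behaviour offline: a handler that emails a reset link on every submission (the vulnerable case), a hardened handler with sliding-window limits per target address and per client IP, and a replay loop that plays the same role as Burp Intruder. The mail server is replaced by an in-memory outbox, and the limits, window, addresses and IP are illustrative assumptions.

```python
import time
from collections import defaultdict, deque


class Outbox:
    """Stand-in for the mail server: records every reset email instead of
    sending it. Constructed for this example so it runs offline."""

    def __init__(self):
        self.sent = []

    def send_reset(self, email):
        self.sent.append(email)


class FakeClock:
    """Controllable clock so the sliding window can be advanced without sleeping."""

    def __init__(self, start=0.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class VulnerableResetHandler:
    """Behaves as the advisory describes: every submission for a registered
    address produces a reset email, with no throttling at all."""

    def __init__(self, registered_emails, outbox):
        self.registered = set(registered_emails)
        self.outbox = outbox

    def handle(self, client_ip, email):
        if email in self.registered:
            self.outbox.send_reset(email)
        # Generic response whether or not the address exists.
        return 200


class RateLimitedResetHandler(VulnerableResetHandler):
    """Hardened form: sliding-window limits per target address and per client IP.
    The limits and window are illustrative assumptions, not product settings."""

    def __init__(self, registered_emails, outbox, per_email=3, per_ip=10,
                 window=3600, clock=time.monotonic):
        super().__init__(registered_emails, outbox)
        self.per_email = per_email
        self.per_ip = per_ip
        self.window = window
        self.clock = clock
        self.buckets = defaultdict(deque)  # key -> timestamps of accepted requests

    def _allow(self, key, limit, now):
        q = self.buckets[key]
        while q and now - q[0] >= self.window:  # drop entries outside the window
            q.popleft()
        if len(q) >= limit:
            return False
        q.append(now)
        return True

    def handle(self, client_ip, email):
        now = self.clock()
        # Both counters are consumed for every address, registered or not, and
        # the response is always the same 200, so the limiter itself cannot be
        # turned into a user-enumeration oracle.
        ip_ok = self._allow(("ip", client_ip), self.per_ip, now)
        email_ok = self._allow(("email", email.lower()), self.per_email, now)
        if ip_ok and email_ok and email in self.registered:
            self.outbox.send_reset(email)
        return 200


def flood(handler, client_ip, email, count):
    """Replays the same reset request `count` times, as Burp Intruder would,
    and returns how many reset emails reached the target during this run."""
    before = len(handler.outbox.sent)
    for _ in range(count):
        handler.handle(client_ip, email)
    return len(handler.outbox.sent) - before


if __name__ == "__main__":
    victim = "victim@example.com"  # constructed sample address
    attacker_ip = "203.0.113.5"    # constructed sample address (documentation range)

    vulnerable = VulnerableResetHandler({victim}, Outbox())
    print("unthrottled:", flood(vulnerable, attacker_ip, victim, 500), "emails delivered")

    clock = FakeClock()
    hardened = RateLimitedResetHandler({victim}, Outbox(), clock=clock)
    print("rate limited:", flood(hardened, attacker_ip, victim, 500), "emails delivered")
    clock.advance(3601)
    print("after window:", flood(hardened, attacker_ip, victim, 500), "emails delivered")
```

The per-address cap is the one that actually protects the victim, since an attacker can rotate source IPs; the per-IP cap only slows a single source. In a real deployment the buckets would live in shared storage rather than process memory, and the generic success response must be kept so that the rate limiter does not leak which addresses are registered.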

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 2.5
exploitability: 7.8
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.