Email spamming; Fixing email spamming

A token system can be used to prevent spamming. With a token, the server-side code can verify that a request is legitimate before processing it.

1. On page load, create the token (a long, unpredictable alphanumeric string) on the server side and send it to the client, where it is placed in a hidden input.
2. Create a session variable and store the token value in it.
3. When the client sends the next request, it includes the hidden-input token in the HTTP request.
4. On the server side, compare the token from the session variable with the token sent by the client.
5. If they match, process the request, then create a new token and store it in the session variable again.
6. If they do not match, reject the request with an error message.
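The six steps above, written out as a small server-side handler. This is an added example, not the post's own demo code: the session is simulated with a plain dict, the session key name `form_token`, the function names and the `send_email` action are all assumptions, and a deliberately unprotected handler is placed beside it so the replay behaviour the post describes can be seen directly.

```python
import hmac
import secrets
from typing import Callable, Optional

TOKEN_KEY = "form_token"  # session key name (assumed for this example)


def issue_token(session: dict) -> str:
    """Steps 1 and 2: create an unpredictable token on page load and keep a copy
    in the session. The returned value is what the page embeds as the hidden input."""
    token = secrets.token_urlsafe(32)  # CSPRNG, 256 bits, URL-safe alphanumerics
    session[TOKEN_KEY] = token
    return token


def handle_request(session: dict, submitted_token: Optional[str],
                   action: Callable[[], None]) -> bool:
    """Steps 3 to 6: compare the hidden-input token with the session copy.
    On a match, perform the action and rotate the token so the same request
    cannot be submitted twice; on a mismatch, reject without doing anything."""
    expected = session.get(TOKEN_KEY)
    if expected is None or submitted_token is None:
        return False
    # Constant-time comparison so the check leaks nothing about the stored token.
    if not hmac.compare_digest(expected, submitted_token):
        return False
    # Consume the token before acting, so a concurrent replay also fails.
    session.pop(TOKEN_KEY)
    action()
    issue_token(session)  # step 5: fresh token for the re-rendered page
    return True


def handle_request_vulnerable(session: dict, submitted_token: Optional[str],
                              action: Callable[[], None]) -> bool:
    """The unprotected version: every request is entertained, however often it is repeated."""
    action()
    return True


def demo() -> dict:
    """Run both handlers against constructed requests and report what each allowed."""
    sent = []

    def send_email() -> None:  # stand-in for the module being protected
        sent.append("email")

    session: dict = {}
    token = issue_token(session)                                   # page load
    first = handle_request(session, token, send_email)             # genuine submit
    replay = handle_request(session, token, send_email)            # same token again
    forged = handle_request(session, "guessed-token", send_email)  # not from session
    fresh = handle_request(session, session[TOKEN_KEY], send_email)  # token from new page

    vuln_sent = []
    vuln_session: dict = {}
    for _ in range(3):
        handle_request_vulnerable(vuln_session, None, lambda: vuln_sent.append("email"))

    return {
        "first": first,
        "replay": replay,
        "forged": forged,
        "fresh": fresh,
        "protected_sent": len(sent),
        "vulnerable_sent": len(vuln_sent),
    }


if __name__ == "__main__":
    print(demo())
```

With the token check in place, the replayed and forged submissions are rejected and only the two genuine submissions send mail; the unprotected handler sends mail once per repeated request. The token is consumed before the action runs, so two copies of the same request arriving together cannot both pass.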

Try the application. Below is the Demo link and the source code.

Demo Download source

Spamming vulnerable application; Phone spamming; email spamming

Spamming is a common issue in web apps. The modules most often affected are those that send a notification to “email/phone” or perform an operation such as “database insertion/file creation on server”; when such a module is vulnerable, that is where spamming can be done.

If the application cannot identify a forged request, and the same request is entertained by the application several times, an attacker can use it to spam a registered user, or any user, depending on the application's behavior.

Below is the demo link and source to the spamming vulnerable app.

Demo Download source