XSS is an incredibly common vulnerability. It often appears trivial, but with modern exploitation techniques it can be used in a range of ways: acting on behalf of application users, stealing identities in the application, redirecting traffic, or even introducing fake content into a corporate website. As with other exploits that have developed over the years, countermeasures have been added. Unfortunately, attackers have adapted too.
Spamming is a common issue in web apps. It is mostly found in application modules that send notifications by email or phone, or that perform operations such as database insertion or file creation on the server; these are the places where spamming can be done when the module is vulnerable.
If the application cannot identify a forged request and processes the same request several times, an attacker can use it to spam a registered user, or any user, depending on the application's behavior.
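One way to close this gap on the server side, shown as an added example that is not the source of the demo app: each notification request must carry a single-use token bound to the session, and accepted sends are capped per recipient. The class name, method names, limits and the in-memory stores are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class NotificationGuard:
    """Gate for 'send email/SMS' style endpoints (all names here are hypothetical)."""

    def __init__(self, key, max_sends=3, window=3600.0, clock=time.monotonic):
        self.key = key
        self.max_sends = max_sends   # sends allowed per recipient per window
        self.window = window         # window length in seconds
        self.clock = clock           # injectable so the logic can be tested
        self.used_nonces = set()     # spent tokens (assumption: a TTL store in production)
        self.sent = {}               # recipient -> timestamps of accepted sends

    def _mac(self, session_id, nonce):
        msg = f"{session_id}:{nonce}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def issue_token(self, session_id):
        """Called when the form is rendered: a single-use token bound to the session."""
        nonce = secrets.token_hex(16)
        return f"{nonce}.{self._mac(session_id, nonce)}"

    def allow(self, session_id, token, recipient):
        """Return (ok, reason) for one incoming notification request."""
        nonce, _, mac = token.partition(".")
        expected = self._mac(session_id, nonce)
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return False, "forged"        # token was not issued to this session
        if nonce in self.used_nonces:
            return False, "replayed"      # the same request was submitted again
        self.used_nonces.add(nonce)
        now = self.clock()
        recent = [t for t in self.sent.get(recipient, []) if now - t < self.window]
        if len(recent) >= self.max_sends:
            self.sent[recipient] = recent
            return False, "rate_limited"  # fresh tokens still cannot flood one recipient
        self.sent[recipient] = recent + [now]
        return True, "ok"
```

The token check stops a captured request from being resent, and the per-recipient cap covers the case where fresh tokens are fetched for every request.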
Below are the demo link and the source of the app vulnerable to spamming.