Hello team, while I was testing on https://book.dansmonorage.blue/login I noticed that there is no rate-limit protection on the POST login form, so an attacker can take over an account by brute-forcing the password field.
Steps to reproduce:
Go to https://book.dansmonorage.blue/login
Enter a username and any password
Capture the request with Burp Suite and start brute-forcing with our wordlist
POC Screenshot:
Patch recommendation:
Add rate-limit protection on the POST login endpoint/parameters
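To make the patch recommendation concrete, here is an added example of a login rate limiter (this is illustrative code written for this report, not the site's own implementation). It assumes an in-memory store, a single application process, and the thresholds shown; the IP addresses, usernames and password store are constructed for the demonstration. The limiter keys on both the source address and the targeted account, so neither rotating source addresses nor spraying across accounts bypasses it on its own, and blocked requests are rejected before the password is checked.

```python
"""Added example: sliding-window rate limiting plus lockout for POST /login.
Not the site's own code; thresholds, key scheme and storage are assumptions."""
import math
import time
from collections import deque


class LoginRateLimiter:
    def __init__(self, max_attempts=5, window_seconds=300,
                 lockout_seconds=900, clock=time.monotonic):
        self.max_attempts = max_attempts      # failed attempts allowed per window
        self.window_seconds = window_seconds  # sliding-window length
        self.lockout_seconds = lockout_seconds  # block duration once tripped
        self.clock = clock                    # injectable for deterministic tests
        self._attempts = {}                   # key -> deque of failure timestamps
        self._locked_until = {}               # key -> time the lockout ends

    @staticmethod
    def _keys(ip, username):
        # Limit the source address AND the targeted account (normalised), so an
        # attacker cannot escape the limit by changing only one of them.
        return (f"ip:{ip}", f"user:{username.strip().lower()}")

    def is_blocked(self, ip, username):
        now = self.clock()
        return any(self._locked_until.get(k, 0) > now
                   for k in self._keys(ip, username))

    def retry_after(self, ip, username):
        """Seconds until the earliest key unlocks (for a Retry-After header)."""
        now = self.clock()
        remaining = max(self._locked_until.get(k, 0) - now
                        for k in self._keys(ip, username))
        return max(0, math.ceil(remaining))

    def record_failure(self, ip, username):
        now = self.clock()
        for k in self._keys(ip, username):
            q = self._attempts.setdefault(k, deque())
            q.append(now)
            while q and now - q[0] > self.window_seconds:  # drop stale entries
                q.popleft()
            if len(q) >= self.max_attempts:
                self._locked_until[k] = now + self.lockout_seconds

    def record_success(self, ip, username):
        # A correct login clears the failure history but never an active lockout.
        for k in self._keys(ip, username):
            self._attempts.pop(k, None)


def handle_login(limiter, ip, username, password, verify_credentials):
    """Return (http_status, body). 429 is decided before the password check, so a
    blocked request costs no credential verification and leaks nothing."""
    if limiter.is_blocked(ip, username):
        return 429, {"error": "too many attempts",
                     "retry_after": limiter.retry_after(ip, username)}
    if verify_credentials(username, password):
        limiter.record_success(ip, username)
        return 200, {"ok": True}
    limiter.record_failure(ip, username)
    return 401, {"error": "invalid credentials"}


class FakeClock:
    """Constructed clock so the simulation below is deterministic."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


USERS = {"alice": "correct horse battery staple"}  # constructed demo store


def verify(username, password):
    return USERS.get(username) == password


def simulate():
    """Replay a constructed burst of wrong passwords and return the HTTP statuses."""
    clock = FakeClock()
    limiter = LoginRateLimiter(clock=clock)
    statuses = []
    for i in range(7):                       # 7 wrong guesses, one per second
        clock.t += 1
        statuses.append(handle_login(limiter, "203.0.113.7", "alice",
                                     f"guess{i}", verify)[0])
    clock.t += 1                             # right password, same IP: still locked
    statuses.append(handle_login(limiter, "203.0.113.7", "alice",
                                 USERS["alice"], verify)[0])
    statuses.append(handle_login(limiter, "198.51.100.9", "alice",  # other IP,
                                 "guess", verify)[0])               # same account
    clock.t += 901                           # lockout expired: real user gets in
    statuses.append(handle_login(limiter, "203.0.113.7", "alice",
                                 USERS["alice"], verify)[0])
    return statuses


if __name__ == "__main__":
    print(simulate())  # [401, 401, 401, 401, 401, 429, 429, 429, 429, 200]
```

In production the counters would live in a shared store such as Redis so that every application instance sees the same state, and the lockout would usually be paired with a CAPTCHA or second factor rather than used alone, so that an attacker cannot turn the per-account key into a denial of service against the legitimate user.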