Flood your Sayat.me friends with annoying opinions
Back when I was in college (2017, somewhere in my 1st year), Sayat.me was a cool site where people created their profiles and asked their friends on Instagram, etc. to write an anonymous opinion about them.
One day, I curiously reviewed how they were allowing anonymous users to post opinions. Turns out it did not require any kind of login to post an opinion. Moreover, there's no rate limiting kinda stuff that can save a registered User's profile from getting spammed.
I tried reaching out to Sayat.me's Founder, but did not receive a response.
So I (Sameer) and Srijit decided to build a visual POC about the vulnerability. You just enter a User's Sayat.me username, a text message, and the number of times you want it to be posted as an opinion on that User's Sayat.me page.
PS: This doesn't work anymore. Sayat.me probably fixed it...
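For reference, a server-side control for the missing rate limiting could look like the sketch below. It is an added example, not Sayat.me's actual fix and not code from this project; the class name, the limits, and the sample traffic are all assumptions. Because posting is anonymous, it limits per sender address and, independently, per recipient profile.

```python
import time
from collections import defaultdict, deque


class OpinionRateLimiter:
    """Sliding-window limits for an anonymous 'post opinion' endpoint (hypothetical)."""

    def __init__(self, per_sender=3, per_profile=20, window=60.0, clock=time.monotonic):
        # Limits are illustrative assumptions, not values from any real site.
        self.per_sender = per_sender
        self.per_profile = per_profile
        self.window = window
        self.clock = clock
        self.hits = defaultdict(deque)  # (kind, key) -> times of accepted posts

    def _recent(self, kind, key, now):
        q = self.hits[(kind, key)]
        while q and now - q[0] >= self.window:  # drop entries older than the window
            q.popleft()
        return q

    def allow(self, sender_ip, profile):
        now = self.clock()
        by_sender = self._recent("sender", sender_ip, now)
        by_profile = self._recent("profile", profile, now)
        # The per-profile window protects a page even when the sender rotates
        # addresses; the per-sender window stops one client hitting many pages.
        if len(by_sender) >= self.per_sender or len(by_profile) >= self.per_profile:
            return False  # rejected attempts are not recorded
        by_sender.append(now)
        by_profile.append(now)
        return True


def simulate(requests, **limits):
    """Replay constructed (time, sender_ip, profile) tuples; return allow/deny per request."""
    now = [0.0]
    limiter = OpinionRateLimiter(clock=lambda: now[0], **limits)
    results = []
    for when, ip, profile in requests:
        now[0] = when
        results.append(limiter.allow(ip, profile))
    return results


# Constructed traffic (documentation address ranges, made-up profile name).
SINGLE_SENDER = [(float(i), "198.51.100.7", "alice") for i in range(5)]
ROTATING_SENDERS = [(i * 0.1, f"203.0.113.{i}", "alice") for i in range(25)]
```

Sender addresses are a weak identity behind NAT or proxies, so the per-profile window is the limit that actually bounds how much one page can receive.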
Previously we used floodsayat.me but the student license expired :(
You can still check out the site on https://floodsayat.herokuapp.com/
May this inspire young hackers!
Sameer Kumar - Backend stuff
Srijit Madhavan - Frontend stuff