Merge branch 'master' of https://github.com/daffainfo/AllAboutBugBounty

2025-01-29 14:25:03 +00:00 · 2021-02-03 21:16:50 +07:00 · 2021-02-03 21:16:50 +07:00 · 191cab1378
commit 191cab1378
parent 62b0ae8a61 3e09603c6b
1 changed files with 17 additions and 0 deletions
--- a/Captcha.md
+++ b/Captcha.md
@ -57,3 +57,20 @@ X-Forwarded-For: 127.0.0.1
 X-Remote-IP: 127.0.0.1
 X-Remote-Addr: 127.0.0.1
 ```
+
+6. Change some specific characters of the captcha parameter and see if it is possible to bypass the restriction.
+```
+POST / HTTP 1.1
+Host: target.com
+[...]
+
+_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
+```
+Try this to bypass
+```
+POST / HTTP 1.1
+Host: target.com
+[...]
+
+_RequestVerificationToken=xxxdxxxaxxcxxx&_Username=daffa&_Password=test123
+```