daffainfo
/
AllAboutBugBounty
mirror of https://github.com/daffainfo/AllAboutBugBounty.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Daffa / Update bypass captcha

pull/3/head
Muhammad Daffa 2021-02-02 16:51:10 +07:00 committed by GitHub
parent 8d34dc26d4
commit 3e09603c6b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
Bypass Captcha.md
View File

@ -57,3 +57,20 @@ X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1 X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1 X-Remote-Addr: 127.0.0.1
``` ```
6. Change some specific characters of the captcha parameter and see if it is possible to bypass the restriction.
```
POST / HTTP 1.1
Host: target.com
[...]
_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
```
Try this to bypass
```
POST / HTTP 1.1
Host: target.com
[...]
_RequestVerificationToken=xxxdxxxaxxcxxx&_Username=daffa&_Password=test123
```