daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update xff-403-bypass.yaml

patch-13
Prince Chaddha 2024-11-04 01:26:22 +05:30 committed by GitHub
parent eca628256f
commit 782c380b50
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
http/fuzzing/xff-403-bypass.yaml
View File

@ -7,7 +7,7 @@ info:
description: Template to detect 403 forbidden endpoint bypass behind Nginx/Apache proxy & load balancers, based on X-Forwarded-For header.
metadata:
max-request: 3
tags: fuzz,fuzzing
tags: fuzzing,xff-403-bypass
http:
- raw:
@ -15,6 +15,7 @@ http:
GET / HTTP/1.1
Host: {{Hostname}}
Accept: */*
- |
GET / HTTP/1.1
Host: {{Hostname}}
@ -25,5 +26,3 @@ http:
- type: dsl
dsl:
- "status_code_1 == 403 && status_code_2 != 403"
condition: or
# digest: 4b0a00483046022100d604fd662fc1f70df85d821c77dc004a6057b4dec83c0987665f26944f7c22ff022100b65077257980c7f5e27827fd59c1dfdede384dfe49cae028c8acd25e187e3e29:922c64590222798bb761d5b6d8e72950