Bypass 403 (Forbidden)

dEEpEst · April 9

# Bypass 403 (Forbidden)

1. Using "X-Original-URL" header

```

GET /admin HTTP/1.1

Host:

This is the hidden content, please

```

Try this to bypass

```

GET /anything HTTP/1.1

Host:

This is the hidden content, please

X-Original-URL: /admin

```

2. Appending **%2e** after the first slash

```

This is the hidden content, please

=> 403

```

Try this to bypass

```

This is the hidden content, please

=> 200

```

3. Try add dot (.) slash (/) and semicolon (;) in the URL

```

This is the hidden content, please

=> 403

```

Try this to bypass

```

This is the hidden content, please

=> 200

This is the hidden content, please

=> 200

This is the hidden content, please

=> 200

This is the hidden content, please

=> 200

This is the hidden content, please

=> 200

This is the hidden content, please

=> 200

```

4. Add "..;/" after the directory name

```

This is the hidden content, please

```

Try this to bypass

```

This is the hidden content, please

```

5. Try to uppercase the alphabet in the url

```

This is the hidden content, please

```

Try this to bypass

```

This is the hidden content, please

```

6. Via Web Cache Poisoning

```

GET /anything HTTP/1.1

Host:

This is the hidden content, please

X-Original-URL: /admin

```

## Tools

* [Bypass-403 | Go script for bypassing 403 forbidden]

This is the hidden content, please

whoswhonow · April 19

thank you for this wonderful technique , im trying to bypass 403 forbidden but it wont let me

dEEpEst · April 19

15 hours ago, whoswhonow said:

thank you for this wonderful technique , im trying to bypass 403 forbidden but it wont let me

Sign In

Bypass 403 (Forbidden)

Recommended Posts

dEEpEst

Link to comment

Share on other sites

whoswhonow

Link to comment

Share on other sites

dEEpEst

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Store

Important Information