(Improper Access Control) 403 Forbidden Bypass

Mohammed Barakat
2 min read · Jul 27, 2023

Hello guys, it has been so long since I wrote for you 😅…

Today I will talk about a nice bug I found on one of the VDPs I work with….
The vulnerability is a 403 error code bypass with a nice trick🦾😎.

What is “403 forbidden error code”?

403 Forbidden is an error that occurs when a user does not have access to a specific web page. If you are a penetration tester, you will face it when navigating to a page that requires administrator permissions or something like that. Bypassing this restriction can yield access to admin or elevated privileges, and if reported it can result in some great bounties. Today, I’ll tell you about a little trick to bypass it.

Note: Since I do not have permission to mention the VDP details, we will refer to the vulnerable domain as “test.example.com”.

I started fuzzing the test.example.com domain with ffuf and found a couple of endpoints that returned 403 Forbidden:

FFUF results

Let’s check it in Burp:

So let’s try to bypass the access control and reach the admin😉…
I had already done some research on the HTTP protocol and how to abuse it to have some fun with web applications!
Tip 1:
Change the HTTP protocol version to 1.0, and do not set any value in the Host header.
Tip 2:
When we do not send a Host header, and the server or any other security mechanism is not configured the right way, the server puts the destination address itself in the header, and this makes the request look local.
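Added example, not from the original post: a toy model of the weak check described above (a missing Host header replaced by the server's own address, and "local" requests trusted for /admin) beside a hardened version. SERVER_ADDR, LOCAL_HOSTS and the sample requests are constructed assumptions.

```python
# Added example, not from the original post: a toy model of the weak access
# check described above (missing Host replaced by the server's own address,
# "local" requests trusted for /admin) beside a hardened version.
SERVER_ADDR = "127.0.0.1"                  # assumption: the server's own address
LOCAL_HOSTS = {"127.0.0.1", "localhost"}   # hosts the weak check treats as local


def parse_request(raw: bytes):
    """Split a raw HTTP request into (method, path, version, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, path, version = request_line.split(" ")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        if name:
            headers[name.strip().lower()] = value.strip()
    return method, path, version, headers


def weak_status(raw: bytes) -> int:
    """Flawed check: a request without Host gets SERVER_ADDR as its Host,
    so an HTTP/1.0 request with no Host header looks local and reaches /admin."""
    _, path, _, headers = parse_request(raw)
    host = headers.get("host", SERVER_ADDR)        # the dangerous default
    if path.startswith("/admin") and host.split(":")[0] not in LOCAL_HOSTS:
        return 403
    return 200


def hardened_status(raw: bytes, session_is_admin: bool = False) -> int:
    """Fixed check: refuse requests that carry no Host header at all, and
    gate /admin on the authenticated session rather than on Host."""
    _, path, _, headers = parse_request(raw)
    if "host" not in headers:
        return 400                                  # no Host: do not route it
    if path.startswith("/admin") and not session_is_admin:
        return 403
    return 200


# Constructed sample requests: the post's trick (HTTP/1.0, no Host) and a
# normal HTTP/1.1 request for the same path.
NO_HOST_REQUEST = b"GET /admin HTTP/1.0\r\n\r\n"
NORMAL_REQUEST = b"GET /admin HTTP/1.1\r\nHost: test.example.com\r\n\r\n"

if __name__ == "__main__":
    for name, req in (("no Host", NO_HOST_REQUEST), ("with Host", NORMAL_REQUEST)):
        print(f"{name}: weak={weak_status(req)} hardened={hardened_status(req)}")
```

The weak check returns 200 for the Host-less HTTP/1.0 request and 403 for the normal one, while the hardened check answers 400 and 403 respectively, so the admin page is only reachable with an admin session.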

Mission Complete!💪🏻🫡

I hope you liked this clever tip!
Best Regards.
Mohammad Barakat.

Linkedin: https://www.linkedin.com/in/mohammed-barakat-170ba4174/

Mohammed Barakat

Network & web-application penetration tester | Bug bounty hunter | CTF player