Hey hunters! This writeup is related to my previous writeup. I’ll share with you how I was able to bypass a 403 Forbidden. So, let’s get started.
While hunting on a private program, I got a 403 Forbidden on erp.redacted.com/plesk-stat.
I used a directory listing dork. It did not work there. I also spidered it via Burp. Still, I got that 403 Forbidden.🤔
I checked my template, which I had submitted to nuclei, and I got the endpoints.
I appended those endpoints, and voila! I got 200 OK.😄
anon_ftpstat, ftpstat, webstat-ssl, webstat
So I decided to share them with dirsearch, and I contributed them. They added my endpoints to their list. This tool is now available in the official Kali Linux packages.
You can also use this command during recon.
cat target | httpx -path /plesk-stat/webstat -status-code -title
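For auditing your own Plesk hosts, the check described above can be automated over saved httpx results. This is an added example, not code from the writeup or from httpx or dirsearch: the function name, the sample hosts and the assumed line shape (`URL [status] [title]`, colour codes disabled) are assumptions.

```python
import re
from collections import defaultdict

# Sub-paths named in the writeup that answered 200 under /plesk-stat.
PLESK_STAT_CHILDREN = ("anon_ftpstat", "ftpstat", "webstat-ssl", "webstat")

# Assumed httpx line shape with -status-code -title and no colour codes:
#   https://host/path [200] [Title]
LINE_RE = re.compile(r"^(https?://[^/\s]+)(/\S*)?\s+\[(\d{3})\]")

def find_exposed_children(lines):
    """Return {host: [child paths answering 200]} for hosts whose parent is 403."""
    status = defaultdict(dict)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip banners, errors and blank lines
        host = m.group(1)
        path = (m.group(2) or "/").rstrip("/")
        status[host][path] = int(m.group(3))
    findings = {}
    for host, paths in status.items():
        if paths.get("/plesk-stat") != 403:
            continue  # only the inconsistent case matters: parent blocked
        exposed = [f"/plesk-stat/{c}" for c in PLESK_STAT_CHILDREN
                   if paths.get(f"/plesk-stat/{c}") == 200]
        if exposed:
            findings[host] = exposed
    return findings

# Constructed sample output (placeholder hosts and titles, not from the writeup).
SAMPLE = """\
https://erp.example.test/plesk-stat [403] [403 Forbidden]
https://erp.example.test/plesk-stat/webstat [200] [Usage Statistics]
https://erp.example.test/plesk-stat/ftpstat [200] [Usage Statistics]
https://erp.example.test/plesk-stat/anon_ftpstat [404] [Not Found]
https://www.example.test/plesk-stat [403] [403 Forbidden]
https://www.example.test/plesk-stat/webstat [403] [403 Forbidden]
""".splitlines()

if __name__ == "__main__":
    for host, paths in find_exposed_children(SAMPLE).items():
        print(host, "parent is 403 but reachable:", ", ".join(paths))
```

A host that appears in the result has an access rule that covers /plesk-stat itself but not the statistics directories beneath it, so the restriction needs to be applied to the whole subtree.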
Instagram: th3.d1p4k
Twitter: Dipak Panchal