Hey hunters! This writeup is related to my previous writeup. I’ll share with you how I was able to bypass 403 Forbidden. So, let’s get started.

While hunting on a private program, I got 403 Forbidden on erp.redacted.com/plesk-stat.

403 Forbidden

I used a directory listing dork. It did not work there. I also spidered the site via Burp. Still, I got that 403 Forbidden.🤔

I checked my template, which I had submitted to nuclei, and I got the endpoints.

Time to bypass

I appended those endpoints, and voila! I got 200 OK.😄

anon_ftpstat, ftpstat, webstat-ssl, webstat

200 OK

So I decided to share it with dirsearch, and I contributed. They added my endpoints to their list. This tool is now available in the official Kali Linux packages.

You can also use this command during recon.

cat target | httpx -path /plesk-stat/webstat -status-code -title
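The same mismatch can be spotted from the server side. The following is an added example, not part of the original writeup or of dirsearch: it reads access logs in combined log format and reports paths that answered 200 underneath a directory that itself answered 403. The log lines are constructed sample data, and the function name `find_forbidden_parent_leaks` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2022:10:00:01 +0000] "GET /plesk-stat HTTP/1.1" 403 199 "-" "curl/7.79"
203.0.113.7 - - [10/Jan/2022:10:00:02 +0000] "GET /plesk-stat/ HTTP/1.1" 403 199 "-" "curl/7.79"
203.0.113.7 - - [10/Jan/2022:10:00:05 +0000] "GET /plesk-stat/webstat/ HTTP/1.1" 200 5120 "-" "curl/7.79"
203.0.113.7 - - [10/Jan/2022:10:00:06 +0000] "GET /plesk-stat/ftpstat/?x=1 HTTP/1.1" 200 4096 "-" "curl/7.79"
198.51.100.4 - - [10/Jan/2022:10:01:00 +0000] "GET /plesk-stat/missing HTTP/1.1" 404 150 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2022:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# client, ident, user, [timestamp], "METHOD target PROTO", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def find_forbidden_parent_leaks(log_text):
    """Return {parent_dir: sorted child paths} where the parent answered 403
    but at least one path underneath it answered 200."""
    forbidden = set()
    ok_paths = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or non-matching lines
        _, _, target, status = m.groups()
        # Normalise: drop the query string and any trailing slash.
        path = target.split("?", 1)[0].rstrip("/") or "/"
        if status == "403":
            forbidden.add(path)
        elif status == "200":
            ok_paths.add(path)
    leaks = defaultdict(set)
    for path in ok_paths:
        for parent in forbidden:
            if path.startswith(parent + "/"):
                leaks[parent].add(path)
    return {parent: sorted(children) for parent, children in leaks.items()}


if __name__ == "__main__":
    for parent, children in find_forbidden_parent_leaks(SAMPLE_LOG).items():
        print(f"{parent} returns 403, but these paths under it return 200:")
        for child in children:
            print("  ", child)
```

A non-empty result means the 403 covers only the directory itself and not its contents, so the access rule should be applied to the whole subtree.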

Some references for bypassing 403.

Bypass403, bypass4xx, DirDar

Check this tweet.

Thank you for reading! 😊

Instagram: th3.d1p4k

Twitter: Dipak Panchal

Bug hunter | CCSE