Hey hunters! This writeup is related to my previous writeup. I'll share with you how I was able to bypass 403 Forbidden. So, let's get started.
While hunting on a private program, I got 403 Forbidden on erp.redacted.com/plesk-stat.
I used a directory listing dork. It did not work there. I also spidered via Burp. Still, I got that 403 Forbidden.🤔
I checked my template, which I submitted to nuclei, and I got endpoints.
I appended those endpoints, and voila! I got 200 OK.😄
anon_ftpstat, ftpstat, webstat-ssl, webstat
You can also use this command during recon.
cat target | httpx -path /plesk-stat/webstat -status-code -title
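
On the defending side, the condition described above (the /plesk-stat directory answers 403 while its statistics subdirectories answer 200) shows up in web server access logs. The following is an added example, not part of the original writeup: it assumes combined-format access logs, and the function name, sample log lines and IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Statistics subdirectories named in the writeup.
STAT_DIRS = ("anon_ftpstat", "ftpstat", "webstat-ssl", "webstat")

# Common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
STAT_RE = re.compile(
    r'^/plesk-stat/(?P<sub>%s)(?:/|$)' % "|".join(map(re.escape, STAT_DIRS))
)

def audit_plesk_stat(lines):
    """Map each client refused on /plesk-stat (403) to the stats
    subdirectories it was nevertheless served with a 2xx status."""
    parent_denied = set()
    served = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-matching lines
        path = m["target"].split("?", 1)[0]  # ignore any query string
        status = int(m["status"])
        if path.rstrip("/") == "/plesk-stat" and status == 403:
            parent_denied.add(m["client"])
        sub = STAT_RE.match(path)
        if sub and 200 <= status < 300:
            served[m["client"]].add(sub["sub"])
    return {c: sorted(s) for c, s in served.items() if c in parent_denied}

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /plesk-stat HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /plesk-stat/webstat/ HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:10:00:06 +0000] "GET /plesk-stat/ftpstat?x=1 HTTP/1.1" 200 812 "-" "-"',
    '198.51.100.4 - - [01/Jan/2024:10:02:00 +0000] "GET /plesk-stat/ HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.4 - - [01/Jan/2024:10:02:03 +0000] "GET /plesk-stat/webstat-ssl/ HTTP/1.1" 401 381 "-" "-"',
    'not a log line',
]

if __name__ == "__main__":
    for client, subs in audit_plesk_stat(SAMPLE).items():
        print(client, "was denied /plesk-stat but served:", ", ".join(subs))
```

A non-empty result means the 403 covers only the parent path, so the access restriction needs to be applied to the subdirectories as well.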