Bypassing 403 Forbidden Errors

Posted By: SecurityTube_Bot
Posted On: Mon 21 Feb 2011
Views: 22409

Description:

The 403 Forbidden HTTP status code indicates that the client was able to communicate with the server, but the server refuses to let the client access the requested resource. In the most general case, the resource the client tried to access is forbidden by a path-based Access Control List. In this video, Dedalo from http://seguridadblanca.org shows us an interesting way to bypass a 403 error. The main idea is to fool the access controller into believing that a different resource was requested, by using "./" in the path of the request. A detailed explanation of why this works is available here.

Thanks go out to Dedalo (camilo.galdos [] security-expert [] se) for submitting this video to us.
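
The weakness described above comes from matching the ACL against the path exactly as it was requested. The following is an added example, not code from the video or from SecurityTube, that puts such a check next to one that canonicalizes the path first; the `/admin` rule, the function names and the sample paths are assumptions made for illustration, and the canonicalization is more general than the "./" case (it also decodes percent-encoding and collapses ".." and repeated slashes).

```python
import posixpath
from urllib.parse import unquote

# Hypothetical ACL for this example: everything under /admin is forbidden.
DENIED_PREFIXES = ("/admin",)

def naive_is_forbidden(raw_path):
    """Flawed check: matches the ACL against the path exactly as requested."""
    return raw_path.startswith(DENIED_PREFIXES)

def canonicalize(raw_path):
    """Percent-decode once, then collapse '.', '..' and repeated slashes."""
    decoded = unquote(raw_path)
    return posixpath.normpath("/" + decoded.lstrip("/"))

def hardened_is_forbidden(raw_path):
    """Match the ACL against the canonical path, on whole path segments."""
    path = canonicalize(raw_path)
    return any(path == p or path.startswith(p + "/") for p in DENIED_PREFIXES)

def acl_gaps(paths):
    """Return requests the naive check allows but the canonical check denies."""
    return [p for p in paths
            if hardened_is_forbidden(p) and not naive_is_forbidden(p)]

# Constructed sample request paths (not taken from the video).
SAMPLE_PATHS = [
    "/admin/secret.html",
    "/./admin/secret.html",
    "/public/./index.html",
    "/public/index.html",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p:26} naive={naive_is_forbidden(p)!s:5} "
              f"hardened={hardened_is_forbidden(p)}")
    print("ACL gaps:", acl_gaps(SAMPLE_PATHS))
```

The hardened check only holds if the server then serves the resource from the same canonical path that the ACL evaluated.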

Tags: basics

