Description:
The 403 Forbidden HTTP status code indicates that the client was able to communicate with the server, but the server won't let the client access what was requested. In the most general case, the resource the client tried to access might be forbidden using a path based Access Control List. In this video, Dedalo from
http://seguridadblanca.org shows us an interesting way to bypass a 403 error. The main idea is to fool the access controller into believing that a different resource was requested, by using "./" in the path of the request.
A detailed explanation of why this works is available here.Thanks go out to Dedalo (camilo.galdos [] security-expert [] se) for submitting this video to us.
Tags: basics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Comments: