Hello to everyone, I hope you all are well in this pandemic.
Let's get straight to the bug :D
So, I was hacking on example.com on HackerOne (not literally :D), and started with the basic recon process. As I was going through the fuzzed directories, I saw a URL:
https://example.com/nginx_status/
I went to the fuzzed endpoint but it returned a 403, so I started trying bypasses to get a 200 response.
After a couple of minutes, I found one working bypass, which was adding a header:
X-Forwarded-For: 127.0.0.1:80
So, I added the header and, after forwarding the request, I got a 200 response and was able to see the whole page, with some configurations as well.
As soon as I got this bug, I submitted the report as “Forced Browsing”.
Timeline:
Jun 11th, 2021: Report Submitted
Jun 22nd, 2021: Report Triaged
Jun 24th, 2021: Bounty Awarded and I got happy AF !!!
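
A defender-side check for the behaviour described above, added here as an example and not part of the original write-up: it scans access-log lines for 200 responses on a restricted path where an external client supplied a loopback or private address in X-Forwarded-For (including the `127.0.0.1:80` form with a port). The log format, the `RESTRICTED_PREFIXES` list and the sample lines are assumptions constructed for the example; the first field must be the real TCP peer address.

```python
import ipaddress
import re

# Assumed log_format (constructed for this example, not from the write-up):
#   '$remote_addr [$time_local] "$request" $status "$http_x_forwarded_for"'
LINE_RE = re.compile(r'^(?P<peer>\S+) \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
                     r'(?P<status>\d{3}) "(?P<xff>[^"]*)"$')
RESTRICTED_PREFIXES = ("/nginx_status",)  # assumed list of internal-only paths
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7")]

def parse_addr(text):
    """Parse an address, tolerating a ':port' suffix such as 127.0.0.1:80."""
    text = text.strip()
    if text.startswith("["):        # [v6]:port
        text = text[1:].split("]", 1)[0]
    elif text.count(":") == 1:      # v4:port
        text = text.split(":", 1)[0]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def is_internal(ip):
    return any(ip.version == n.version and ip in n for n in INTERNAL_NETS)

def find_spoofed_access(lines):
    """Return (peer, path, xff) for 200s on restricted paths where an external
    peer supplied an internal address in X-Forwarded-For."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not (m and m["status"] == "200" and m["path"].startswith(RESTRICTED_PREFIXES)):
            continue
        peer = parse_addr(m["peer"])
        if peer is None or is_internal(peer):
            continue                # unparsable, or a genuinely local client
        claimed = [parse_addr(e) for e in m["xff"].split(",")]
        if any(ip is not None and is_internal(ip) for ip in claimed):
            hits.append((m["peer"], m["path"], m["xff"]))
    return hits

SAMPLE_LOG = [  # constructed sample lines, documentation address ranges
    '203.0.113.7 [01/Jan/2024:10:00:01 +0000] "GET /nginx_status/ HTTP/1.1" 403 "-"',
    '203.0.113.7 [01/Jan/2024:10:02:13 +0000] "GET /nginx_status/ HTTP/1.1" 200 "127.0.0.1:80"',
    '127.0.0.1 [01/Jan/2024:10:03:00 +0000] "GET /nginx_status/ HTTP/1.1" 200 "-"',
    '198.51.100.20 [01/Jan/2024:10:04:45 +0000] "GET /nginx_status HTTP/1.1" 200 "192.168.1.4, 198.51.100.20"',
]
```

A hit means the access decision was made on a client-supplied header value rather than on the connection's source address, so the fix belongs in whichever proxy or server layer trusts that header.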