Hi folks,
This is my first writeup, so if you find any mistakes, please adjust.
So after picking a program, I enumerated the subdomains and saved them in a file. To check the alive domains, tech and response codes, I ran httpx. It gave me a lot of results. I chose one subdomain at random and did the directory enumeration.
One directory was nginx_status, which isn't sensitive at all, but it gave me a 403 response. So I tried to bypass this with different techniques. You can also automate this task with the tool bypass-403.
So, one method worked: “X-Forwarded-For: 127.0.0.1:80”. After that, I tried brute-forcing more directories with this custom header, but that didn't work. Then I reported this as it is.
“When you find a bypass with a custom header, try to dig more; it can reveal more sensitive info.”
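For defenders, a bypass like this one usually means an access check believes a client-supplied X-Forwarded-For value. The sketch below is an added example, not code from this writeup or from the affected program; it puts a naive client-IP lookup beside a hardened one. The function names, the trusted proxy range and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the only reverse proxies allowed to set X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
# Assumption: clients allowed to read the restricted status page.
ALLOWED_CLIENTS = [ipaddress.ip_network("127.0.0.0/8")]
# Constructed sample: (TCP peer address, X-Forwarded-For header value).
SPOOFED_REQUEST = ("203.0.113.7", "127.0.0.1:80")


def _parse_ip(value):
    """Parse 'ip' or 'ipv4:port'; return None when malformed."""
    value = value.strip()
    if value.count(":") == 1:  # IPv4 with a port, e.g. 127.0.0.1:80
        value = value.split(":")[0]
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def _in_any(ip, networks):
    return ip is not None and any(ip in net for net in networks)


def naive_client_ip(peer, xff):
    """Weak: believes the leftmost X-Forwarded-For entry from any sender."""
    if xff:
        return _parse_ip(xff.split(",")[0])
    return _parse_ip(peer)


def hardened_client_ip(peer, xff):
    """Honor X-Forwarded-For only when the TCP peer is a trusted proxy,
    then take the rightmost entry that is not itself a trusted proxy."""
    peer_ip = _parse_ip(peer)
    if not xff or not _in_any(peer_ip, TRUSTED_PROXIES):
        return peer_ip
    for hop in reversed(xff.split(",")):
        hop_ip = _parse_ip(hop)
        if hop_ip is None:
            return None  # malformed chain: caller denies
        if not _in_any(hop_ip, TRUSTED_PROXIES):
            return hop_ip
    return peer_ip


def is_allowed(client_ip):
    return _in_any(client_ip, ALLOWED_CLIENTS)
```

With the constructed request, the naive lookup resolves the client to loopback and grants access, while the hardened lookup falls back to the real peer address and denies it.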
Timeline:
2024-09-12: Reported
2024-09-17: Triager marked this as informative
2024-09-18: The program reopened my report after implementing a fix and rewarded me
2024-09-18: Marked as resolved.