Greetings, hackers! I am Pushkar, a security researcher from India, and I am excited to present my discovery.
This blog aims to explain how attackers exploit security misconfigurations to access restricted functions. Despite its simplicity in hindsight, pinpointing the vulnerability required considerable time and effort.
As an unauthenticated user, I accessed functionalities reserved for internal administrators. These included viewing users, projects, logs, and access tokens.
This request shows the normal behavior and returns 401 Unauthorized.
Normally a client can't access the /application-tokens directory because the front nginx server returns 401.
But the X-Rewrite-Url or X-Original-URL header can be used, because the back-end server processes these headers while the front server doesn't.
This bypasses the front server's restrictions and gives access to forbidden files and directories.
If the path is protected, you can try to bypass the path protection using these other headers:
X-Rewrite-Url: /
X-Original-Url: /
You can find this bypass on HackTricks.
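To make the front/back server split concrete, here is a small added model (not code from the original post or from the affected product) of the misconfiguration and its fix. The request format, the protected path and the sample requests are constructed for illustration; the behaviour follows what the post describes: the front server enforces 401 on the URL path only, the back-end rewrites the effective path from X-Original-URL or X-Rewrite-Url, and the fix is to strip those headers at the front server before proxying.

```python
# Added example, not code from the original post: a small model of the
# front/back server split the post describes, the header-based bypass, and
# the fix of stripping override headers at the front server. All names,
# paths and the request format are constructed for illustration.

PROTECTED_PREFIXES = ("/application-tokens",)            # blocked at the front server
OVERRIDE_HEADERS = ("x-original-url", "x-rewrite-url")   # honoured by the back-end

# Constructed sample requests: {"path": ..., "headers": {...}}
DIRECT_REQUEST = {"path": "/application-tokens", "headers": {}}
SMUGGLED_REQUEST = {"path": "/", "headers": {"X-Original-URL": "/application-tokens"}}


def _lower_headers(headers):
    """Normalise header names to lowercase so matching is case-insensitive."""
    return {name.lower(): value for name, value in headers.items()}


def back_server(request):
    """Back-end server: rewrites the effective path from an override header
    (as the post says the back server does) and serves the internal route
    without checking authentication itself."""
    headers = _lower_headers(request["headers"])
    effective_path = request["path"]
    for name in OVERRIDE_HEADERS:
        if name in headers:
            effective_path = headers[name]
            break
    if effective_path.startswith(PROTECTED_PREFIXES):
        return {"status": 200, "body": "internal admin data"}
    return {"status": 200, "body": "public page"}


def front_server(request, strip_override_headers):
    """Front (nginx-like) server: enforces the 401 on the URL path only.
    With strip_override_headers=False it forwards X-Original-URL /
    X-Rewrite-Url untouched, which is the misconfiguration; with True it
    drops them before proxying, which is the fix."""
    if request["path"].startswith(PROTECTED_PREFIXES):
        return {"status": 401, "body": "Unauthorized"}
    forwarded = _lower_headers(request["headers"])
    if strip_override_headers:
        for name in OVERRIDE_HEADERS:
            forwarded.pop(name, None)
    return back_server({"path": request["path"], "headers": forwarded})


def flag_override_headers(request):
    """Detection helper: list any override headers an external client sent.
    Ordinary browsers never set these, so their presence in the front
    server's access log is worth alerting on."""
    headers = _lower_headers(request["headers"])
    return [name for name in OVERRIDE_HEADERS if name in headers]


if __name__ == "__main__":
    print(front_server(DIRECT_REQUEST, strip_override_headers=False))    # status 401
    print(front_server(SMUGGLED_REQUEST, strip_override_headers=False))  # internal admin data
    print(front_server(SMUGGLED_REQUEST, strip_override_headers=True))   # public page
    print(flag_override_headers(SMUGGLED_REQUEST))                       # ['x-original-url']
```

In a real nginx front end the equivalent of strip_override_headers=True is `proxy_set_header X-Original-URL "";` and `proxy_set_header X-Rewrite-Url "";` inside the proxying location block, since nginx omits a proxied header whose value is set to the empty string. Stripping at the edge is only half the fix: the back-end should enforce its own authorization on internal routes rather than trusting that the front server filtered every path and header, and requests carrying these headers from external clients should be logged and alerted on.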
Happy Hacking!
Follow me on LinkedIn: Pushkar
Follow me on Instagram: Pushkar