Hello people! Hope you all are doing well.

I will explain in this article how I bypassed — 403 Forbidden in a web application :)

Let’s go!

What is Broken Access Control?

Imagine you have a secret diary with a lock on it. The lock is there to keep people from reading your private thoughts. In the world of computer systems and websites, access control is like that lock. It’s a way to make sure that only the right people can see or do certain things, like view their own personal information on a website.

Now, “broken” access control is like having a diary with a lock that doesn’t work properly. It means that even though there’s supposed to be a lock, some people can still sneak in and see things they’re not supposed to see. It’s a security problem because it means that sensitive information, like your personal diary entries or someone else’s private data on a website, can be accessed by the wrong people.

In the digital world, broken access control occurs when a website or application doesn’t properly enforce its rules about who can access what. It might allow unauthorized users to view, change, or delete information that should be off-limits to them. This can lead to privacy breaches, data leaks, and all sorts of problems.

As per Mozilla’s documentation, the HTTP 403 Forbidden response status code signifies that while the server comprehends the request, it declines to grant authorization for it.

However, if the access control mechanism in place is not robust, an attacker can circumvent the security measures and gain access to the restricted resource.

Bypassing 403 involves a lot of ways and we will see them one by one as follows:

1. Directory Traversal:

We can initially test if the application is vulnerable to directory traversal attacks. We typically include special characters or sequences (e.g., “../”) in input fields, such as URLs or file paths, to trick the application into granting access to files or directories outside of the web root. We will consider that our target website is redacted.com and…