Unauthorised access to admin setpassword page BY bypassing 403 Forbidden

Hi, everyone

My name is Santosh Kumar Sha, and I am a security researcher from India (Assam). In this article, I will describe how I was able to access the admin setpassword page by bypassing a 403 Forbidden response.

I am now offering 1:1 sessions to share my knowledge and expertise:

topmate.io/santosh_kumar_sha

TOOLS used for the exploitation

1. Subfinder (https://github.com/projectdiscovery/subfinder)

2. httpx (https://github.com/projectdiscovery/httpx)

Story of my first bounty:

This is the write-up of a recent bug that I found. While I was doing recon, gathering all subdomains and resolving every domain, I had an idea: why not look for exposed admin and setpassword dashboards without any directory brute-forcing? After thinking about it for an hour, I decided to append the entries of my file and directory wordlist to each URL and then resolve them, to see which ones respond and whether any admin panel is exposed.

Here it goes:

To gather all the subdomains I used subfinder.

Command used:

subfinder -d target.com -silent

Now, after gathering all subdomains, I wanted to append “/admin” to every domain and resolve them, to check for any exposed admin panel or admin setpassword dashboard.
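The author drives this step with subfinder output piped into httpx. As an added example (not the author's tooling), the Python script below does the same candidate-building and result-triage offline, so a team can run it against its own subdomain inventory: it appends a small path wordlist to each host, and buckets the HTTP status codes. Host names, the path list and the canned responses are constructed for the demo; only the `probe()` helper actually touches the network, and the demo does not call it.

```python
#!/usr/bin/env python3
"""Self-audit helper (added example): build admin-path candidate URLs for a
host list and classify the responses. Hosts, paths and canned status codes
below are constructed for illustration, not taken from any real target."""
import urllib.error
import urllib.request
from typing import Callable, Dict, Iterable, List

# Constructed wordlist: the kind of file/directory entries a recon pass appends.
DEFAULT_PATHS = ["/admin", "/admin/setpassword", "/administrator"]


def build_candidate_urls(hosts: Iterable[str], paths: Iterable[str] = DEFAULT_PATHS,
                         scheme: str = "https") -> List[str]:
    """Normalise subfinder-style host lines and append every path to each host."""
    urls: List[str] = []
    seen = set()
    for host in hosts:
        host = host.strip().lower().rstrip("/")
        if not host or host.startswith("#"):      # skip blanks and comments
            continue
        if "://" in host:                          # tolerate full URLs in the list
            host = host.split("://", 1)[1]
        for path in paths:
            url = f"{scheme}://{host}/{path.lstrip('/')}"
            if url not in seen:                    # de-duplicate repeated hosts
                seen.add(url)
                urls.append(url)
    return urls


def probe(url: str, timeout: float = 5.0) -> int:
    """Return the HTTP status for url, or 0 on a network error.
    Only for use against hosts you are authorised to test; the demo below
    replaces it with canned responses."""
    req = urllib.request.Request(url, headers={"User-Agent": "self-audit"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:          # 4xx/5xx still carry a code
        return err.code
    except (urllib.error.URLError, OSError):
        return 0


def classify(results: Dict[str, int]) -> Dict[str, List[str]]:
    """Bucket results: 200 = reachable without auth (investigate first);
    401/403 = blocked at this layer (still review: a status code from an edge
    rule is not an authorisation check in the application); 3xx = redirect,
    usually to a login; anything else = absent or error."""
    buckets: Dict[str, List[str]] = {"exposed": [], "blocked": [], "redirect": [], "other": []}
    for url, status in sorted(results.items()):
        if status == 200:
            buckets["exposed"].append(url)
        elif status in (401, 403):
            buckets["blocked"].append(url)
        elif 300 <= status < 400:
            buckets["redirect"].append(url)
        else:
            buckets["other"].append(url)
    return buckets


def audit(hosts: Iterable[str], fetch: Callable[[str], int] = probe,
          paths: Iterable[str] = DEFAULT_PATHS) -> Dict[str, List[str]]:
    """Build candidates, resolve each with `fetch`, and return the triage buckets."""
    urls = build_candidate_urls(hosts, paths)
    return classify({u: fetch(u) for u in urls})


if __name__ == "__main__":
    # Constructed subfinder-style output and canned responses (offline demo).
    sample_hosts = ["app.example.com", "staging.example.com", "# comment", ""]
    canned = {
        "https://app.example.com/admin": 403,
        "https://app.example.com/admin/setpassword": 200,
        "https://staging.example.com/admin": 302,
    }
    report = audit(sample_hosts, fetch=lambda u: canned.get(u, 404))
    for bucket, bucket_urls in report.items():
        for u in bucket_urls:
            print(f"{bucket:8} {u}")
```

The "blocked" bucket is the one worth a second look on a defensive review: a 403 returned by a reverse proxy or WAF rule for `/admin` says nothing about whether the application behind it enforces authentication on its own, which is exactly the gap this write-up is about.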


Santosh Kumar Sha(@killmongar1996)

Cloud Security |Security Researcher |Pentester | Bugbounty hunter|VAPT | Pentration tester | CTF player | topmate.io/santosh_kumar_sha