300$ P3 Easy Bug in 30 Seconds
Hello Everyone,
I’m Omar Hamdy (Seaman). Today I am going to explain one of the coolest and easiest bugs, which I found on a private program in Bugcrowd.
Let’s start.
I had a private program; let’s call it redacted.com.
I started the recon stage and extracted the subdomains.
I found a subdomain that caught my attention:
admin.conversation.redacted.com
While accessing it, I got a 403 error on that page. So I thought, why not give it a shot and try to bypass that 403 error? After that, I performed some techniques to bypass that 403 error.
Finally, I succeeded in bypassing it.
To bypass this, I changed the protocol from http to https so that the link becomes like this:
https://admin.conversation.redacted.com
Steps to Reproduce:
- Go to admin.conversation.redacted.com. You will get a 403 error on this page.
- Change the protocol from http to https so that the link becomes like this: https://admin.conversation.redacted.com
- You will access the Admin UI successfully.
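For the site owner, the same mismatch is visible in access logs as a path that is denied over one scheme and served over the other. The check below is an added example, not part of the original post; the log format (host, scheme, method, path, status) and the sample lines are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in an assumed format: host scheme method path status
SAMPLE_LOG = """\
admin.conversation.redacted.com http GET / 403
admin.conversation.redacted.com https GET / 200
www.redacted.com http GET / 301
www.redacted.com https GET / 200
api.redacted.com http GET /v1/users 403
api.redacted.com https GET /v1/users 403
"""

DENIED = {401, 403}


def find_scheme_mismatches(log_text):
    """Return (host, path, denied_scheme, served_scheme) for every host/path
    that is denied over one scheme but answered with 2xx over the other."""
    seen = defaultdict(lambda: {"http": set(), "https": set()})
    for line in log_text.splitlines():
        parts = line.split()
        # Skip lines that do not match the assumed five-field format.
        if len(parts) != 5 or parts[1] not in ("http", "https") or not parts[4].isdigit():
            continue
        host, scheme, _method, path, status = parts
        seen[(host.lower(), path)][scheme].add(int(status))

    findings = []
    for (host, path), by_scheme in sorted(seen.items()):
        for denied_on, served_on in (("http", "https"), ("https", "http")):
            denied = by_scheme[denied_on] & DENIED
            served = {s for s in by_scheme[served_on] if 200 <= s < 300}
            # A redirect (3xx) is not a denial, so http->https redirects are ignored.
            if denied and served:
                findings.append((host, path, denied_on, served_on))
    return findings


if __name__ == "__main__":
    for host, path, denied_on, served_on in find_scheme_mismatches(SAMPLE_LOG):
        print(f"{host}{path}: denied over {denied_on}, served over {served_on}")
```

A finding means the access rule is attached to only one listener; the fix is to enforce the same restriction on both, or redirect http to https and apply the restriction there.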
Thanks for reading ☺
Follow me on twitter @seaman00o