I'm attempting this particular CTF challenge, and I'm getting a 403 error for the favicon.ico resource.
I've tried using GET, POST, and HEAD requests, but it doesn't work. I also tried changing the host to google.com and amazon.com and sending the requests (via Postman). I'm pretty sure the favicon will contain a flag, but I'm not sure how to get past this.
The website URL is of the form: redacted.com/dev/start?q=sqlite_query_here
I've already used SQLite injection to get the flag on this URL, but I'm not sure how to get past the 403 forbidden error.
Does anybody have any guidance for me? I watched a couple of YouTube videos and https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/403-and-401-bypasses, but haven't made any headway.
from hacking: security in practice https://ift.tt/d3Mof2H