How I Earned a Hall of Fame Spot at UNESCO by Bypassing 403 Forbidden
Summary
Krunal Patel has detailed how he accessed restricted resources on the UNESCO website using a “403 bypass”, which earned him a hall of fame spot and $1000 in prize money.
The ‘403 forbidden’ error is shown when a server understands the request but refuses to fulfil it.
Patel explains that a successful bypass can be achieved by manipulating how the request headers and the server interact, using a trick involving the HTTP method.
This originality earned him a place in the hall of fame, as most hackers would instead try fuzzing payloads or SQL injection.
His winning methodology is explained in full on his blog, along with an explanation of the assumptions hackers rarely question when facing a 403 error.