A bypass for a 403 Forbidden error on a subdomain was found using the x-forwarded-host Header. This bypass trick allows the WAF to be bypassed in a cool way. More details can be found in the tweet provided.
Tip:
I found one subdomin 403 forbidden
When i try bypass in every way , i found x-forarwed-host Header it work and bypass waf but with cool trick(1/2) https://t.co/B5o4ZCABHo
— Abdelhy khaled? (@cysky0x1) March 9, 2024