))
Ep. 6 – 403 Bypass & Request Smuggling: Tiny Tricks, Total Takeover
Manage episode 473767692 series 3643227
Content provided by Amin Malekpour. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Amin Malekpour or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
A single uppercase letter unlocked an admin panel. One malformed request hijacked user sessions.
In this episode, we break down two real-world exploits—a 403 bypass and a request smuggling attack—that turned small oversights into full system compromise. Learn how they worked, why they were missed, and what should have been done differently.
Chapters:
00:00 - INTRO
01:18 - FINDING #1 – The 403 Bypass That Led to Full Admin Control
08:17 - FINDING #2 – Smuggling Requests, Hijacking Responses
16:35 - OUTRO
Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → [email protected]
🔗 Podcast Website → Website Link
Chapters
1. INTRO (00:00:00)
2. FINDING #1 – The 403 Bypass That Led to Full Admin Control (00:01:18)
3. FINDING #2 – Smuggling Requests, Hijacking Responses (00:08:17)
4. OUTRO (00:16:35)
9 episodes
Share
