Access control vulnerabilities
Special HTTP headers | HackTricks
# the back-end application is built on a framework that supports the X-Original-URL header
X-Original-Url: /admin
X-Original-Url: /admin/delete
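The mismatch behind these headers, and the front-end fix, as an added example (not code from the original page or from any real framework): the front end authorizes the request-line path while the back end routes on X-Original-URL. The `/admin` deny rule, the function names and the sample request are assumptions constructed for illustration.

```python
# Added example: constructed model, not code from the page or from any real framework.
OVERRIDE_HEADERS = {"x-original-url"}      # header named on the page, compared case-insensitively
RESTRICTED_PREFIXES = ("/admin",)          # assumed front-end deny rule for anonymous users


def is_restricted(url):
    """True if the URL's path is a restricted prefix or lies beneath one."""
    path = url.split("?", 1)[0]
    return any(path == p or path.startswith(p + "/") for p in RESTRICTED_PREFIXES)


def backend_route(path, headers):
    """Hypothetical back end that routes on X-Original-URL when it is present."""
    for name, value in headers.items():
        if name.lower() in OVERRIDE_HEADERS:
            return value
    return path


def frontend_weak(path, headers):
    """Checks only the request-line path and forwards client headers untouched."""
    if is_restricted(path):
        return None                        # 403 at the front end
    return backend_route(path, headers)


def frontend_hardened(path, headers):
    """Drops override headers from untrusted clients before checking and forwarding."""
    clean = {k: v for k, v in headers.items() if k.lower() not in OVERRIDE_HEADERS}
    if is_restricted(path):
        return None
    return backend_route(path, clean)


def suspicious(path, headers):
    """Detection rule: an override header that points at a restricted path."""
    return any(k.lower() in OVERRIDE_HEADERS and is_restricted(v) for k, v in headers.items())


if __name__ == "__main__":
    req = ("/", {"X-Original-Url": "/admin/delete"})   # constructed request
    print("weak front end routes to:    ", frontend_weak(*req))
    print("hardened front end routes to:", frontend_hardened(*req))
    print("flagged for review:          ", suspicious(*req))
```

Stripping the header at the edge and enforcing authorization again in the back end on the path it actually routes are complementary; the detection rule is useful on front-end access logs when the header is recorded.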