Hi I am Sairaj Dattu Thorat and I'm in 11th grade right now.. and few months ago I started my bug bounty journey and I wanted to make this moment memorable today that is why, I'm writing this article today.

Also special shout out to my friend Arnesh Vaidya and my mentors Vikram Varma and Shubham Deshmukh

So I'll just straight into what exactly did happened. So basically there was a file I found on the main domain which had 403 page. I looked somewhere on the internet that there are some 403 bypass methods I tried one "/" after the .php extension and boom I got 200 status code which turns out to be very critical to the company since it was the main domain.

Here are the screenshots-

403-

200-

And I reported this with proper impacts given with exploitation videoPOC and here's what I got-

Thank you so much for reading my article!