Hello fellow hacker friends,
I am facing a problem I have never been in before.
I found this bug on a website where I can write some html code in console (in browser web console) and then I am able to see the whole backend (admin dashboard appears).
Now, with that said, I cannot see any information as of course my HTTP request are coming from outside their server ends up with a 403 Unauthorized.
Just wondering if anyone has ideas on how I could make this bug a higher level of severity, for example bypass 403, http smuggling, or just fuzzing new found admin directories (I did a bit but all end up 403). This is new type of bug for me not 100% sure how to explorer this one any further.