Admin Backend visible 403 Unauthorized

Hello fellow hacker friends,

I am facing a problem I have never been in before.
I found this bug on a website where I can write some HTML code in the console (the browser web console) and then I am able to see the whole backend (the admin dashboard appears).
Now, with that said, I cannot see any information, as of course my HTTP requests are coming from outside their server and end up with a 403 Unauthorized.

Just wondering if anyone has ideas on how I could make this bug a higher level of severity, for example bypass 403, HTTP smuggling, or just fuzzing newly found admin directories (I did a bit, but all end up 403). This is a new type of bug for me, and I am not 100% sure how to explore this one any further.

Honestly, if it was me, I would attempt to bypass 403. It was a low success rate from what I’ve noticed, but if it works, it’s definitely worth it. Also look into special HTTP headers and hop-by-hop headers.