This tweet mentions a bug related to access to the origin IP, which can potentially lead to a WAF bypass. The bug bounty was rewarded with a monetary ... (December 21, 2024)
This tweet describes a unique approach to web application firewall (WAF) security using fractal-inspired rules to detect and block malicious traffic. ... (December 21, 2024)
The tweet describes a tool called ORedirectMe which scans URLs with parameters, injects various payloads, and validates whether redirections occur to ... (December 21, 2024)
The tweet mentions a tool called LFIer designed to detect Local File Inclusion (LFI) vulnerabilities in web applications. It highlights features like ... (December 21, 2024)
The tweet discusses the importance of understanding Content Delivery Networks (CDNs) and Web Application Firewalls (WAFs) in bug bounty hunting. It hi ... (December 20, 2024)
A bypass for Razer's WAF has been identified that allows for Remote Code Execution (RCE) using the payload: javascript://%250athrow%20on{err}o}r= ... (December 19, 2024)
A tweet discussing the exploitation of integrated CDN/WAF setups to easily bring down global web applications with DDoS attacks. The misconfiguration of WAF ... (December 19, 2024)
The tweet mentions trying to bypass a Cloudflare-protected website's WAF to get the origin IP. While the specific tool name is not mentioned in the t ... (December 17, 2024)
I discovered an HTTP smuggling issue with ambiguous Content-Length handling that allowed me to bypass the proxy server's WAF. This led to Denial ... (December 16, 2024)
The tweet highlights the importance of defense-in-depth in WAF protection. Attackers are chaining low-severity vulnerabilities to bypass WAFs entirely ... (December 13, 2024)
A blog post describes a WAF bypass that works by exploiting CDN integrations. This threat poses a risk to global web applications. More techn ... (December 13, 2024)
A recent study has revealed critical WAF misconfigurations, with 36,000 backend servers exposed globally. This poses major risks for Fortune 1000 firms ... (December 13, 2024)
The tweet discusses a method to bypass IP restrictions and client authentication on the origin side by creating multiple tenants with the same origin ... (December 12, 2024)
The tweet discusses a widespread misconfiguration that impacts major WAF vendors like Akamai, Cloudflare, Fastly, and Imperva, leading to detection ev ... (December 12, 2024)
The tweet mentions advanced XSS payloads for Next.js which can potentially bypass the WAF. This is a critical vulnerability affecting the Next.js WAF. ... (December 12, 2024)
The tweet highlights the challenges faced in bypassing a new WAF within a short time frame. It emphasizes that even with a specialized team, bypassing ... (December 12, 2024)
A new XSS bypass technique was discovered for AWS WAF. The payload <script>alert('XSS bypass')</script> successfully evades the ... (December 11, 2024)
When performing a WAF bypass using the origin IP address, you can add the IP address to Burp Network Connection 'Hostname resolution overrides ... (December 11, 2024)
A major misconfiguration vulnerability has been discovered affecting top WAF vendors through CDN integrations. Attackers can exploit this flaw to bypa ... (December 11, 2024)
A tweet by @BRuteLogic highlights an XSS bypass payload that can be used in URL context. The payload is JavaScript:"<Svg/OnLoad=alert%25%0A26lp ... (December 9, 2024)
This tweet mentions the deployment of a bypass solution to distribute traffic to inline security tools such as SSL, IPS, WAF, and AntiDDoS. The projec ... (December 9, 2024)
The tweet mentions using a custom CDN WAF bypass as a temporary mitigation for customers while they fix their code. It emphasizes that customers pay f ... (December 8, 2024)
Python scripting is a versatile tool for WAF bypasses across all vendors. Its flexibility allows pentesters to create custom scripts for enumeration a ... (December 8, 2024)
The tweet mentions WAF filter bypass related content. It is important for security professionals to stay updated with the latest bypass techniques. ... (December 7, 2024)
The tweet mentions using printf to bypass a WAF and receiving ANSI back in the terminal. This technique can be used for various types of vulnerabiliti ... (December 7, 2024)
A critical vulnerability in web application firewalls (WAFs) used by some of the world's largest companies, including JPMorgan Chase, Visa, and Inte ... (December 6, 2024)
The tweet mentions a bypass using a link shortener to bypass a Web Application Firewall (WAF). This technique is interesting as it shows how a seeming ... (December 6, 2024)
The tweet describes a bypass using a link shortener to bypass a WAF. This bypass technique is not specific to any particular WAF vendor. The use of a ... (December 6, 2024)
The tweet suggests that there are multiple bypass techniques for WAFs, specifically mentioning SQL injection payloads like /**/. It also highlights th ... (December 5, 2024)
BreakingWAF is a widespread WAF bypass that claims to impact nearly half of Fortune 100 companies. The specific details of the bypass technique are no ... (December 5, 2024)