WAF bypass XXE by makelariss

Date: February 5, 2021Author: wafbypass

Here’s another writeup for a task I authored with @makelarisjr for @hackthebox_eu x UNI #CTF Quals.
? WAFfles Order consists of insecure deserialization due to a parser differential, leading to OOB XXE WAF bypass using XML encoding declarations.

https://t.co/7NevqoGawz https://t.co/TREkpnpF0l

Subscribe for the latest news:

Web application firewalls bypasses collection and testing tools

How to test, evaluate, compare, and bypass web application and API security solutions like WAF, NGWAF, RASP, and WAAP

WAF bypass XXE by makelariss