WAF bypass by systemDumb

Date: February 4, 2022Author: wafbypass

When testing for command injection, I ran into a WAF blocking pretty much every major Linux command. $() and ${} were blocked.

To get around it I ended up using: `a=ca;b=t;$a$b /et*/p*s*wd`

Luckily it didn’t block bash variables or backticks ?

#waf #bypass #injection

Subscribe for the latest news:

Web application firewalls bypasses collection and testing tools