WAF bypass by justm0rph3u5

Date: July 1, 2022Author: wafbypass

I was able to bypass @azure WAF with OWASP 3.2 Managed Rule Set using bash standard wildcards.

Example: If we want to execute cat /etc/passwd command, the we can use /bin/cat /et?/passwo?d

The issue was fixed last year on 16 Jul 2021. No bounty was awarded. https://t.co/xbMmH1KWgE

Subscribe for the latest news:

Web application firewalls bypasses collection and testing tools