Everyone should read this writeup by @securityfu on how to bypass an AWS WAF by adding 8kb of data before your payload. I’ve never seen an AWS WAF bypass that still works until now. I was able to send ../../ to an app im testing. https://t.co/EcjlkqW6Yk
Subscribe for the latest news: