Changing the capital and small letters in the endpoint can bypass Cloudflare WAF most times or bypass the rate limit on that endpoint. This vulnerability allows attackers to evade protection mechanisms by manipulating the case sensitivity of characters in the endpoint URL. It is important for Cloudflare users to be aware of this bypass and take necessary steps to mitigate the risk.
Original tweet: https://twitter.com/coffinxp7/status/1809213912216121737
Subscribe for the latest news: