A bypass for the Imperva WAF was discovered in the context of a Local File Inclusion (LFI) vulnerability. The WAF was blocking the standard traversal payload '../../../', but the modified payload '../../a/../../', which normalizes to the same '../../../', was not blocked. This allowed the attacker to traverse further up the directory tree and load files. For more technical details and analysis, check out the blog post.
Earlier today I encountered an LFI in a Windows application and the machine was behind an Imperva WAF
Imperva was blocking ../../../, but by simply changing the payload to ../../a/../../ = ../../../ I was able to bypass the WAF block and go back to more directories to load files
— arthur aires (@arthurair_es) November 18, 2024
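The bypass works because a signature that looks for the literal string `../../../` never sees it in `../../a/../../`, even though the filesystem collapses the `a/..` pair and ends up at exactly the same place. The following example is added here and is not code from the tweet's author or from Imperva: it contrasts a literal-signature check with a normalize-first check, and shows the application-side containment test (resolve the requested path against a root and refuse anything that lands outside it) that holds regardless of how the traversal is spelled. The root directory `/var/www/files`, the request strings, and the use of POSIX-style normalization are assumptions made for the demonstration; the application in the tweet runs on Windows, so a real deployment would normalize with the platform's own rules.

```python
"""Why a literal '../../../' signature misses '../../a/../../' and what a
normalizing check looks like. Added example; not the tweet author's or
Imperva's code. Root directory and request strings are constructed."""

import posixpath
from typing import Optional
from urllib.parse import unquote

# The literal pattern a naive signature looks for.
LITERAL_SIGNATURE = "../../../"


def literal_signature_hit(path: str) -> bool:
    """Substring match only: the weak check the tweet's payload slips past."""
    return LITERAL_SIGNATURE in path


def normalize_request_path(path: str) -> str:
    """Decode percent-encoding, unify separators, then collapse '.' and '..'
    segments so that '../../a/../../' and '../../../' compare equal."""
    decoded = unquote(path)
    unified = decoded.replace("\\", "/")
    return posixpath.normpath(unified)


def escapes_root(path: str) -> bool:
    """True when the normalized path still climbs above its starting point or
    is absolute; this is the signature-side check done after normalization."""
    norm = normalize_request_path(path)
    return norm == ".." or norm.startswith("../") or norm.startswith("/")


def safe_join(root: str, requested: str) -> Optional[str]:
    """Application-side containment: resolve the request under ROOT and return
    the path only if it is still inside ROOT, otherwise None. This does not
    depend on recognizing any particular traversal spelling."""
    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(
        posixpath.join(root_norm, normalize_request_path(requested))
    )
    if candidate == root_norm or candidate.startswith(root_norm + "/"):
        return candidate
    return None


# Constructed sample request paths: the two from the tweet, an encoded
# variant, and a benign one.
SAMPLE_REQUESTS = [
    "../../../",
    "../../a/../../",
    "..%2F..%2Fa%2F..%2F..%2Fwin.ini",
    "reports/2024.txt",
]


def classify(root: str, requests) -> list:
    """Return (request, literal_hit, normalized_escape, resolved) rows."""
    return [
        (r, literal_signature_hit(r), escapes_root(r), safe_join(root, r))
        for r in requests
    ]


if __name__ == "__main__":
    # Assumed root for the demonstration.
    for row in classify("/var/www/files", SAMPLE_REQUESTS):
        print(row)
```

The second row of the printed table is the whole story: the literal check returns False for `../../a/../../` while the normalized check returns True, and `safe_join` refuses it just as it refuses the plain `../../../`. Decoding before normalizing matters too, since an encoded `%2F` would otherwise hide the separators from both checks.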