A new WAF bypass technique has been reported. It routes requests through ProxyChains to evade IP-based rate limits and uses the --hex option to obfuscate the payload. The technique was successfully tested on a shopping website with a massive database of external sites. No risk or level flags were required for this bypass. Security researchers should take note of this method, and vendors should consider enhancing their WAF protections to mitigate such bypasses.
Original tweet: https://twitter.com/coffinxp7/status/1918526808187662805
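The mitigation side, as an added example (not code from the tweet or from any WAF product): hex literals are decoded before inspection, and hex-bearing requests are counted per endpoint, parameter and User-Agent rather than per source IP, so rotating proxies does not reset the counter. The record layout, the threshold, the sample records and the assumption that the obfuscation appears as 0x literals or HEX()/UNHEX() calls are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample records: (source_ip, user_agent, request_url).
# IPs come from documentation ranges; values are illustrative only.
SAMPLE_LOG = [
    ("192.0.2.10",   "ua-A", "/item?id=7"),
    ("198.51.100.4", "ua-B", "/item?id=7%20AND%200x61646d696e"),
    ("203.0.113.9",  "ua-B", "/item?id=7%20AND%20HEX(0x41)"),
    ("192.0.2.77",   "ua-B", "/item?id=0x73656c656374"),
    ("198.51.100.8", "ua-C", "/search?q=0xdeadbeef"),
]

HEX_LITERAL = re.compile(r"0x((?:[0-9a-fA-F]{2})+)")
HEX_FUNC = re.compile(r"\b(?:un)?hex\s*\(", re.IGNORECASE)

def normalize(value):
    """Expand 0x.. literals that decode to printable ASCII, so signature
    rules are matched against plaintext instead of the encoded form."""
    def expand(match):
        try:
            text = bytes.fromhex(match.group(1)).decode("ascii")
        except UnicodeDecodeError:
            return match.group(0)  # binary data, leave untouched
        return text if text.isprintable() else match.group(0)
    return HEX_LITERAL.sub(expand, value)

def is_suspicious(value):
    """True if the value calls HEX()/UNHEX() or hides text in a hex literal."""
    return bool(HEX_FUNC.search(value)) or normalize(value) != value

def detect(records, threshold=3):
    """Count hex-bearing requests per (path, parameter, user agent), not per
    IP, and report buckets that reach the threshold from more than one IP."""
    hits = defaultdict(lambda: {"count": 0, "ips": set()})
    for ip, user_agent, url in records:
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query):  # parse_qsl URL-decodes
            if is_suspicious(value):
                bucket = hits[(parts.path, name, user_agent)]
                bucket["count"] += 1
                bucket["ips"].add(ip)
    return {key: b for key, b in hits.items()
            if b["count"] >= threshold and len(b["ips"]) > 1}
```

The User-Agent key is only a stand-in; a session identifier or TLS fingerprint is a sturdier grouping attribute where one is available.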