I just uncovered a crazy WAF bypass today.
Case: File Upload (.php blocked)
/?file=xx.php <- Blocked
/?file===xx.php <- Bypassed
The file got uploaded successfully.
I’m kinda still in a dilemma about how it worked, but it does open up new possibilities around WAF bypassing.
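
The post leaves the cause open, but a standard query-string parser reads the `file` value of the second request as `==xx.php`, which still ends in `.php`. The following is an added example, not part of the original post, of an application-side allowlist check that does not depend on the WAF; the allowed extensions and function names are assumptions.

```python
import os
from urllib.parse import parse_qsl

# Assumption: the only upload types this hypothetical application wants.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".pdf"}


def upload_names(query):
    """Return every value of the 'file' parameter as the application sees it."""
    # parse_qsl splits each pair on the first '=', so 'file===xx.php'
    # yields the value '==xx.php'.
    return [v for k, v in parse_qsl(query, keep_blank_values=True) if k == "file"]


def is_allowed(name):
    """Allowlist decision on the final extension of the bare file name."""
    # Drop any directory part, including Windows-style separators.
    base = os.path.basename(name.replace("\\", "/"))
    # Some filesystems strip trailing dots and spaces, so strip them first.
    base = base.rstrip(". ")
    if not base or "\x00" in base:
        return False
    ext = os.path.splitext(base)[1].lower()
    return ext in ALLOWED_EXTENSIONS


def check_request(query):
    """Accept only a single 'file' value that passes the allowlist."""
    names = upload_names(query)
    return len(names) == 1 and is_allowed(names[0])


if __name__ == "__main__":
    # Constructed sample queries, including the two from the post.
    for q in ("file=xx.php", "file===xx.php", "file=photo.png"):
        print(q, "->", "accept" if check_request(q) else "reject")
```

Because the decision is an allowlist on the parsed value's final extension, both requests from the post are rejected regardless of what the WAF let through.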