WAF bypass by viehgroup This tweet describes an XSS bypass for CloudFlare WAF using the payload JavaScript:"<Svg/OnLoad=alert%25%0A26lpar;1)&g ... November 21, 2024
WAF bypass by XssPayloads Two payloads for bypassing WAF in URL context have been shared by @BRuteLogic. The payloads are designed for XSS attacks. The ... November 21, 2024
WAF bypass by RoxyhunkPush The tweet suggests that bypassing a WAF (Web Application Firewall) without the Origin IP is fun and often easy. It mentions th ... November 21, 2024
WAF bypass by Joyerz5 A tweet suggesting to find the Origin IP as a potential WAF bypass technique. This technique aims to identify the real IP addr ... November 21, 2024
WAF bypass by Joyerz5 SQLmap was used to successfully bypass Ghauri WAF in this case by using the Origin Ip. It initially failed but was successful ... November 20, 2024
WAF bypass by BRuteLogic The tweet demonstrates an XSS bypass in URL context using HTMLi, Double Encoding, and Embedded bytes. The payload JavaScript:& ... November 20, 2024
WAF bypass by iqimpz Using character normalization to bypass WAFs is a common and effective technique for various vulnerabilities. This technique i ... November 20, 2024
WAF bypass by arthurair_es A bypass for Imperva WAF was discovered in the context of a Local File Inclusion (LFI) vulnerability. The WAF was blocking the ... November 19, 2024
WAF bypass by MaxiSoler The tweet mentions the use of the SSRF-Hacks-IP-Decimal Burp Suite extension for SSRF bypass attempts and WAF evasion testing. ... November 19, 2024
WAF bypass by MSTRBLSTR_music WAF and LB can introduce attackable surfaces with flaws, including authorization bypass. These flaws are not a panacea for com ... November 18, 2024
WAF bypass by harshad_hacker A new Burp Suite extension called SSRF-Hacks-IP-Decimal has been developed by @harshad_hacker. This extension converts IP addr ... November 18, 2024
WAF bypass by socialmanagercs Cloudflare's security protections were found to be vulnerable to XSS bypasses, allowing malicious users to exploit flaws ... November 16, 2024
WAF bypass by TaurusOmar_ The tweet is promoting SQLMapping with SQLMap Command Generator and Cheat Sheet for exploiting SQL Injections. This tool can b ... November 16, 2024
WAF bypass by OludareEzekiel9 Testing and bypassing WAF for XSS and Open Redirect vulnerabilities involves crafting payloads like <script>alert(1)< ... November 16, 2024
WAF bypass by hackwithmax A tool called REcollapse has been developed to assist in blackbox regex fuzzing to bypass validations and discover normalizati ... November 16, 2024
WAF bypass by bountywriteups The tweet mentions a list of payloads gathered from the internet that can bypass WAF. This is a general bypass for various typ ... November 15, 2024
WAF bypass by narendarram44 The tweet mentions a list of payloads that can bypass WAF gathered from the internet. This indicates that there are potential ... November 15, 2024
WAF bypass by garethheyes This tweet suggests using the 'onwaiting' event to bypass a WAF with an attribute blocklist for XSS attacks. The eve ... November 14, 2024
WAF bypass by m_parong An LFI bypass payload '../../../../../../etc/passwd' was used to bypass an unknown WAF. The payload allowed access t ... November 13, 2024
WAF bypass by neotrony The blog covers various tricks and techniques for XSS WAF bypass. It is a useful resource for bug bounty hunters and security ... November 13, 2024
WAF bypass by MatteoC68006921 The tweet mentions a WAF that filters all events starting with 'on'. An unconventional way to bypass this filter cou ... November 11, 2024
WAF bypass by CyberGhostOps The tweet mentions a WAF bypass for Sucuri WAF with a Proof of Concept link. For more information, visit the provided link and ... November 10, 2024
WAF bypass by NandanLohitaksh A bypass technique for path-based WAF restrictions has been discovered. By appending raw/unencoded non-printable and extended- ... November 9, 2024
WAF bypass by chux13786509 Hackers can bypass WAFs for SQL injection by injecting an Out-of-Band payload to expose the server's IP. This technique a ... November 9, 2024
WAF bypass by RodoAssis The tweet mentions that huge XSS payloads in POST requests did not help in bypassing Sucuri, Akamai, or Imperva WAF in prelimi ... November 8, 2024
WAF bypass by d4d89704243 A tweet mentioning a method to bypass path-based WAF restrictions using raw/unencoded non-printable and extended-ASCII charact ... November 8, 2024
WAF bypass by ksg93rd A Cloudflare WAF bypass for XSS vulnerability has been discovered. The payload used for the bypass is %2Bself[%2F*foo*%2F' ... November 8, 2024
WAF bypass by ScriptedAlchemy The tweet describes a Remote Code Execution (RCE) bypass technique using a proxy spinner, vercel as a reverse proxy, daisy-cha ... November 8, 2024
WAF bypass by MiniMjStar When bypassing a WAF, fuzzing characters and words can be an effective strategy to identify which ones are being blocked. By s ... November 7, 2024
WAF bypass by dropn0w The tweet describes a successful XSS bypass for a well-known WAF through trial and error testing to identify blocked character ... November 7, 2024