Just hit an interesting caching problem with Facebook.
FB injects a unique tracker "?fbclid=..." query string onto the URL, which causes the URL to ... (April 2, 2022)
This week I've had to mitigate a DDoS attack, email spoofing with 100k+ spam emails sent daily and today I woke up to a brute force login attack that ... (April 1, 2022)
What's the purpose of these headers in the leaked #SpringShell exploit? They are included in the POST payload using "{headername}".
Required to get a ... (March 31, 2022)
#bypass WAF #vulnerability occurs when the user uploads an executable script file. This #vulnerability affected #Apache/2.4.52, #PHP/7.4.27 and #OpenS ... (March 31, 2022)
cloudflare bypass ?
<svg/onlol=lol onload=confirm(origin)>
looking like if you have a fake event handler before the real one it gets past it ... (March 29, 2022)
Got a parameter where I put the link of images and it renders. So from that I got Blind SSRF but how to escalate because whenever I upload some differe ... (March 26, 2022)
Trick to bypass WAF, so I found a param it was vuln to SQLi but CF was also there, then I tried to exploit the same param on app and it did work there ... (March 25, 2022)
PSA: Origin bypass yeeted by patch and red warning box
Ty @Cloudflare @Hacker0x01 for 3k
#TogetherWeHitHarder https://t.co/uhUV08UpVV ... (March 23, 2022)
Thoroughly enjoyed reading Cloudflare's response. Even listed all Okta event types critical for this investigation: user.account.reset_password, user. ... (March 22, 2022)
Cybercriminals are using advanced strategies to bypass traditional security and fraud defenses. How can you stop them? Glad you asked—watch our webi ... (March 21, 2022)
Have you found an unrestricted file upload but the RCE is not possible due to a Cloudflare protection? This Cloudflare bypass will work for you:
<?p ... (March 19, 2022)
My new fav tweet:
Imperva Web Application Firewall (WAF) POST Request Bypass https://t.co/mgPsmDV3Sl #Pentesting #WebSecurity #Infosec https://t.co/g ... (March 16, 2022)