This tweet describes a unique approach to web application firewall (WAF) security using fractal-inspired rules to detect and block malicious traffic. ...December 21, 2024
The tweet describes a tool called ORedirectMe which scans URLs with parameters, injects various payloads, and validates whether redirections occur to ...December 21, 2024
The tweet mentions a tool called LFIer designed to detect Local File Inclusion (LFI) vulnerabilities in web applications. It highlights features like ...December 21, 2024
The tweet discusses the importance of understanding Content Delivery Networks (CDNs) and Web Application Firewalls (WAFs) in bug bounty hunting. It hi ...December 20, 2024
A bypass for Razer's WAF has been identified using the javascript: URI payload javascript://%250athrow%20on{err}o}r= ... The tweet labels the impact RCE; a javascript: URI of this shape executes in the victim's browser (XSS) rather than on the server.December 19, 2024
A tweet discussing the exploitation of integrated CDN/WAF to easily bring down global web applications with DDoS attacks. The misconfiguration of WAF ...December 19, 2024
The tweet mentions trying to bypass the WAF of a Cloudflare-protected website by finding the origin IP. While the specific tool name is not mentioned in the t ...December 17, 2024
I discovered an HTTP smuggling issue with ambiguous Content-Length handling that allowed me to bypass the proxy server's WAF. This led to Denial ...December 16, 2024
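The entry above names the root cause as ambiguous Content-Length handling. As an added example (not the tweet author's code, nor that of any proxy vendor), the following is the framing check a front-end proxy or WAF should apply before forwarding a request, following RFC 9112 section 6.3: reject a message that carries both Transfer-Encoding and Content-Length, conflicting Content-Length values, or a non-numeric length. It also goes one step beyond the entry and rejects a header name that is not a valid token (such as a space before the colon), since front-ends and back-ends are known to read such lines differently. The sample requests are constructed for this example.

```python
import re

# RFC 9110 token characters for header field names.
TOKEN_RE = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")
DIGITS_RE = re.compile(r"^[0-9]+$")


def parse_header_block(raw: bytes):
    """Split a raw HTTP/1.1 request into (request_line, [(name, value), ...]).

    Names are lower-cased; a name that is not a valid token (for example
    'Content-Length : 5') raises ValueError instead of being guessed at.
    """
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        name_s = name.decode("latin-1")
        if not colon or not TOKEN_RE.match(name_s):
            raise ValueError(f"malformed header line {line!r}")
        headers.append((name_s.lower(), value.decode("latin-1").strip()))
    return lines[0].decode("latin-1"), headers


def framing_problem(raw: bytes):
    """Return a short reason if the request's body framing is ambiguous, else None."""
    try:
        _, headers = parse_header_block(raw)
    except ValueError as exc:
        return str(exc)
    te = [v for n, v in headers if n == "transfer-encoding"]
    # A repeated field may also appear as one comma-separated list; flatten both forms.
    cl = [part.strip() for n, v in headers if n == "content-length"
          for part in v.split(",")]
    if te and cl:
        return "both Transfer-Encoding and Content-Length present"
    if cl:
        if any(not DIGITS_RE.match(part) for part in cl):
            return f"non-numeric Content-Length {cl!r}"
        if len(set(cl)) > 1:
            return f"conflicting Content-Length values {cl!r}"
    return None


# Constructed sample requests (not captured traffic).
CLEAN = (b"POST /api HTTP/1.1\r\nHost: www.example.com\r\n"
         b"Content-Length: 5\r\n\r\nhello")
REPEATED_SAME = (b"POST /api HTTP/1.1\r\nHost: www.example.com\r\n"
                 b"Content-Length: 5, 5\r\n\r\nhello")          # identical values: allowed
CONFLICTING_CL = (b"POST /api HTTP/1.1\r\nHost: www.example.com\r\n"
                  b"Content-Length: 5\r\nContent-Length: 30\r\n\r\nhello")
TE_AND_CL = (b"POST /api HTTP/1.1\r\nHost: www.example.com\r\n"
             b"Transfer-Encoding: chunked\r\nContent-Length: 4\r\n\r\n0\r\n\r\n")
SPACE_BEFORE_COLON = (b"POST /api HTTP/1.1\r\nHost: www.example.com\r\n"
                      b"Content-Length : 5\r\n\r\nhello")


def scan_samples():
    """Run the check over every sample; a proxy would drop any request with a non-None reason."""
    samples = {"clean": CLEAN, "repeated_same": REPEATED_SAME,
               "conflicting_cl": CONFLICTING_CL, "te_and_cl": TE_AND_CL,
               "space_before_colon": SPACE_BEFORE_COLON}
    return {name: framing_problem(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, reason in scan_samples().items():
        print(f"{name:20s} -> {'forward' if reason is None else 'REJECT: ' + reason}")
```

The check is deliberately strict: a proxy that forwards any of the flagged requests leaves the back-end free to pick a different body boundary than the WAF did, which is exactly the desync condition the entry describes.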
The tweet highlights the importance of defense-in-depth in WAF protection. Attackers are chaining low-severity vulnerabilities to bypass WAFs entirely ...December 13, 2024
A blog post describes a WAF bypass that exploits CDN integrations. This threat poses a risk to global web applications. More techn ...December 13, 2024
A recent study has revealed critical WAF misconfigurations with 36,000 backend servers exposed globally. This poses major risks for Fortune 1000 firms ...December 13, 2024
The tweet discusses a method to bypass IP restrictions and client authentication on the origin side by creating multiple tenants with the same origin ...December 12, 2024
The tweet discusses a widespread misconfiguration that impacts major WAF vendors like Akamai, Cloudflare, Fastly, and Imperva, leading to detection ev ...December 12, 2024
The tweet shares advanced XSS payloads for Next.js applications that can potentially bypass the WAF in front of them, which it describes as a critical vulnerability. ...December 12, 2024
The tweet highlights the challenges faced in bypassing a new WAF within a short time frame. It emphasizes that even with a specialized team, bypassing ...December 12, 2024
When performing a WAF bypass using the origin IP address, you can map the hostname to that IP under Burp's Network > Connections settings ('Hostname resolution overrides ...December 11, 2024
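As an added example (not from the tweet, and not Burp's code), here is the same trick done in Python without Burp: the DNS step is overridden so TCP goes to the candidate origin IP while the Host header and TLS SNI still carry the real hostname, which is also the direct-to-origin check behind the CDN/WAF misconfiguration entries above. The hostname, origin IP and the list of CDN edge response headers are assumptions chosen for this example; the header list is a heuristic, not an authoritative fingerprint.

```python
import socket
import ssl
import urllib.request

# Hostname -> origin IP, the mapping you would otherwise type into Burp's
# "Hostname resolution overrides". Placeholder values (RFC 5737 test range).
HOST_OVERRIDES = {"www.example.com": "203.0.113.10"}

# Response headers typically added by a CDN/WAF edge (Cloudflare, Imperva,
# Fastly, Akamai). Heuristic list assumed for this example.
CDN_EDGE_HEADERS = ("cf-ray", "x-iinfo", "x-served-by", "x-akamai-transformed")

_real_getaddrinfo = socket.getaddrinfo


def overridden_getaddrinfo(host, port, family=0, type=0, proto=0, flags=0):
    """Resolve overridden hostnames to their origin IP; defer to the real resolver otherwise."""
    if isinstance(host, bytes):
        host = host.decode()
    target = HOST_OVERRIDES.get(host, host)
    return _real_getaddrinfo(target, port, family, type, proto, flags)


def install_overrides():
    """Patch the resolver process-wide; http.client's create_connection() picks it up."""
    socket.getaddrinfo = overridden_getaddrinfo


def resolve(host, port=443):
    """Return the set of IPs the (possibly overridden) resolver yields for host."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def served_by_edge(headers):
    """True if the response carries a CDN/WAF edge header, i.e. it did not come straight from the origin."""
    return any(h in headers for h in CDN_EDGE_HEADERS)


def fetch_direct(url, insecure=False, timeout=10):
    """Fetch url with the override installed. The TCP connection goes to the origin IP,
    but Host and SNI stay as the hostname in url, exactly what Burp's override does.
    Origins often present a certificate that does not match the public hostname, so
    insecure=True disables verification for that test only."""
    install_overrides()
    ctx = ssl._create_unverified_context() if insecure else ssl.create_default_context()
    with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
        headers = {k.lower(): v for k, v in resp.headers.items()}
        return resp.status, headers, resp.read()


if __name__ == "__main__":
    install_overrides()
    print("www.example.com now resolves to", resolve("www.example.com"))
    # status, headers, body = fetch_direct("https://www.example.com/", insecure=True)
    # print("reached origin directly:", not served_by_edge(headers))
```

If the direct fetch returns the application's normal content and the edge headers are absent, the origin accepts traffic that never passed through the WAF; the usual fixes are origin IP allowlisting of the CDN's ranges, mutual TLS between edge and origin, or a pre-shared header the origin requires.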
A major misconfiguration vulnerability has been discovered affecting top WAF vendors through CDN integrations. Attackers can exploit this flaw to bypa ...December 11, 2024
A tweet by @BRuteLogic highlights a XSS bypass payload that can be used in URL context. The payload is JavaScript:"<Svg/OnLoad=alert%25%0A26lp ...December 9, 2024
This tweet mentions the deployment of a bypass solution, in the network-appliance sense rather than WAF evasion, to distribute traffic to inline security tools such as SSL, IPS, WAF, and AntiDDoS. The projec ...December 9, 2024
The tweet mentions using a custom CDN WAF bypass as a temporary mitigation for customers while they fix their code. It emphasizes that customers pay f ...December 8, 2024
Python scripting is a versatile tool for WAF bypasses across all vendors. Its flexibility allows pentesters to create custom scripts for enumeration a ...December 8, 2024
The tweet shares WAF filter bypass content. It is important for security professionals to stay updated with the latest bypass techniques. ...December 7, 2024
The tweet mentions using printf to bypass a WAF and receiving ANSI back in the terminal. This technique can be used for various types of vulnerabiliti ...December 7, 2024
A critical vulnerability in web application firewalls (WAFs) used by some of the world’s largest companies, including JPMorgan Chase, Visa, and Inte ...December 6, 2024
The tweet mentions a bypass using a link shortener to bypass a Web Application Firewall (WAF). This technique is interesting as it shows how a seeming ...December 6, 2024
The tweet describes a bypass using a Link Shortener to bypass a WAF. This bypass technique is not specific to any particular WAF vendor. The use of a ...December 6, 2024
The tweet suggests that there are multiple bypass techniques for WAFs, specifically mentioning SQL injection payloads that use inline comments such as /**/ in place of whitespace. It also highlights th ...December 5, 2024
BreakingWAF is a widespread WAF bypass that claims to impact nearly half of Fortune 100 companies. The specific details of the bypass technique are no ...December 5, 2024
The Zafran Research Team has uncovered a critical misconfiguration in popular web application firewall (WAF) services including Akamai and Cloudflare. ...December 4, 2024