The tweet mentions 6 modern techniques for WAF bypass related to XSS. These techniques include Context-Aware Encoding, Polyglot Payloads, DOM-based At ...June 3, 2025
This tweet highlights various techniques for bypassing Web Application Firewalls (WAF), including context-aware encoding, polyglot payloads, DOM-based ...June 3, 2025
A visual showcasing advanced SQL injection (SQLi) WAF bypass payloads has been released. These payloads compile rare and evasive techniques into a cle ...June 3, 2025
The tweet mentions bypassing the WAF of Fortinet. It indicates a potential vulnerability in the Fortinet WAF. Would you like me to provide more detail ...June 2, 2025
The tweet mentions a cheatsheet for bypassing WAF using Full-Width Symbols. This can be useful for bypassing different types of WAFs. It is recommende ...June 2, 2025
A tweet discussing a WAF bypass technique for XSS and CRLF vulnerabilities using a full-width version of symbols. This bypass can potentially affect v ...June 1, 2025
The tweet discusses XSS WAF bypass techniques using Unicode and invisible character tricks for educational purposes. The techniques involve manipulati ...June 1, 2025
A new XSS WAF bypass technique has been discovered that involves using invisible separators before or after a function name. This technique can bypass ...June 1, 2025
The tweet mentions the issue of false positives in web application firewalls (WAFs) leading to a bad user experience. It also hints at the existence o ...May 31, 2025
A new XSS WAF bypass technique has been discovered using invisible separators before or after the function name. The payload <img/src/onerror=alert ...May 30, 2025
The tweet mentions a bypass technique for a WAF but does not provide specific details about the vulnerability type, bypass payload, or WAF vendor. It ...May 30, 2025
The tweet suggests adding specific IPs to the system bypass in Vercel to fix a potential WAF bypass. This approach may allow certain IPs to bypass the ...May 29, 2025
The tweet suggests a complex and nested SQL injection payload used to retrieve information. The payload uses an unconventional approach with nested SE ...May 28, 2025
The tweet does not provide specific details about the WAF bypass. If you have more information or a specific bypass to analyze, please provide it.
Che ...May 28, 2025
The tweet discusses the importance of understanding specifications for effective defense against vulnerabilities, mentioning that some products have f ...May 28, 2025
The tweet describes a scenario where an endpoint allowed PDF uploads without authentication, but other types of uploads were blocked by the WAF (Web A ...May 28, 2025
In this tweet, the user mentions that insufficient encoding on GET and POST parameters is a common reason for bypassing WAFs and simple firewalls, esp ...May 25, 2025
The tweet mentions starting to write hacking stories and includes links to Vietnamese and English content. It seems to be related to bypassing firewal ...May 24, 2025
The tweet mentions the lack of urgency in addressing XSS vulnerabilities due to the presence of a WAF. It highlights the misconception that WAF alone ...May 24, 2025
The tweet suggests encountering WAFs like Cloudflare and Akamai that are posing a challenge in mastering WAF bypass for XSS vulnerabilities. The user ...May 24, 2025
A simple XSS bypass was discovered for various WAFs using the payload JavaScript%09:alert(1). This payload triggers a basic JavaScript alert(1) functi ...May 24, 2025
Crafting a payload that can bypass WAF for XSS vulnerabilities can be challenging. The use of a 'pickle' payload can sometimes be effective ...May 24, 2025
ZenRows provides a web scraping tool that claims to bypass CAPTCHA and WAF using auto-rotating residential proxies. This can be a potential security c ...May 23, 2025
There are 3 critical flaws (CVE-2025-34025–27) in the Versa Concerto software that allow attackers to hijack systems through URL parsing, IP spoofin ...May 23, 2025
The tweet mentions using a socks5 free proxy for bypassing a Web Application Firewall. It is important to be cautious when using proxies, as they can ...May 22, 2025
Radware Cloud Web App Firewall has a vulnerability identified as CVE-2024-56523?56524 with a bypass filter. This highlights a fundamental weakness in ...May 21, 2025
A potential Local File Inclusion WAF bypass affecting Cloudflare was mentioned in a recent tweet. Further details about the bypass technique and any s ...May 19, 2025
AI Powered WAFs are increasingly being used to detect attacks, but they can still be bypassed with simple XSS payloads. A common bypass payload used i ...May 19, 2025
This tweet suggests a potential XSS bypass trick for various WAF vendors. The payload 'Night-owl XSS hunters! What’s your go-to WAF bypass tric ...May 19, 2025
Radware Cloud Web Application Firewall (WAF) before 2025-05-07 is vulnerable to a critical WAF bypass vulnerability identified as CVE-2024-56523. Remo ...May 18, 2025