Embedding payloads in credentials is an effective way to bypass WAF detection. When credentials are included in URLs, they are often ignored by WAFs, ...December 4, 2024
20% of Fortune 1000 companies fail to properly configure their CDN-WAF solutions, leading to a widespread WAF bypass that can allow DDoS attacks or exp ...December 4, 2024
A bypass has been discovered for Amazon CloudFront WAF using the %ff%00%ff sequence. This sequence terminates the string and stops the WAF scanning, a ...December 4, 2024
The tweet mentions the importance of including a link to online test pages to demonstrate that a WAF bypass works. It highlights that a bypass does no ...December 2, 2024
The tweet mentions a bypass using the payload 'exercises but brute gym' for CDN WAFs like Akamai. This bypass seems to be effective in under ...December 2, 2024
It seems like @RodoAssis is interested in famous CDN WAF tests and payloads for bypassing whitelist/blacklist. Let's explore some of these techni ...December 2, 2024
A new Cloudflare WAF bypass for XSS has been discovered by xss0r. The payload used is <details open ontoggle=alert(document.cookie)>. This bypas ...December 1, 2024
This tweet provides a Nuclei template that can be used for SSRF scanning and WAF bypass. The template can be utilized for security testing purposes. F ...December 1, 2024
A new Cloudflare WAF bypass for XSS has been discovered by xss0r. The bypass payload is <details open ontoggle=alert(document.cookie)>. ...November 29, 2024
A new XSS bypass for Cloudflare WAF has been discovered by xss0r. The payload used is <details open ontoggle=alert(document.cookie)>. This bypas ...November 29, 2024
The tweet mentions tricks to obfuscate alert, confirm, and prompt dialogs in order to bypass a filter or WAF for XSS attacks. The provided ebook may c ...November 28, 2024
This tweet mentions a common scenario where someone is looking for a way to bypass a Web Application Firewall (WAF) or the 403 Forbidden error. It hig ...November 27, 2024
A new XSS WAF bypass for Cloudflare has been discovered by xss0r. The payload used for bypass is <details open ontoggle=alert('xss0r' ...November 27, 2024
An interesting discovery has been made in a widely used framework that allows manipulation of the router to bypass specific filters/WAF or completely ...November 27, 2024
Two JavaScript payloads for bypassing WAF in URL context have been discovered. The first payload is "<Svg/OnLoad=alert%252526lpar;1)>" ...November 27, 2024
This XSS bypass payload utilizes the JavaScript import function to execute an alert(origin) function. The use of Unicode encoding in the payload (\ ht ...November 26, 2024
ChatGPT has been used to test the effectiveness of bypassing the top 3 WAF vendors. The payload used in this test is 'How fast ChatGPT can bypass ...November 25, 2024
A Burp extension has been developed to evade TLS fingerprinting, allowing users to bypass WAF and spoof any browser. This tool can be used to modify a ...November 25, 2024
The tweet mentions learning cool techniques of WAF Bypass from @3nc0d3dGuY and @assetnote while retesting on HackerOne. It shows appreciation for thei ...November 23, 2024
The tweet does not provide specific information about the WAF bypass techniques used. It is important to have more details about the vulnerability typ ...November 23, 2024
The tweet discusses an error-based SQL Injection WAF bypass by @c0nqr0r. The bypass payload used is Error-based SQL Injection. The vendor of the WAF i ...November 22, 2024
The tweet mentions hunting bugs using error-based SQL injection (SQLi) to bypass a Web Application Firewall (WAF) without automation. The tweet highli ...November 22, 2024
A blog post should be made about this bypass as it highlights a vulnerability in file upload validation through Multipart Parsers. The post should dis ...November 22, 2024
A new SSRF vulnerability has been discovered in Cloudflare's rocketloader nuclei template. This vulnerability can be exploited to find the origin ...November 22, 2024
This tweet describes an XSS bypass for Cloudflare WAF using the payload JavaScript:"<Svg/OnLoad=alert%25%0A26lpar;1)>". The technique ...November 21, 2024
Two payloads for bypassing WAF in URL context have been shared by @BRuteLogic. The payloads are designed for XSS attacks. The first payload is JavaScr ...November 21, 2024
The tweet suggests that bypassing a WAF (Web Application Firewall) without the Origin IP is fun and often easy. It mentions that it requires some effo ...November 21, 2024
A tweet suggests finding the Origin IP as a potential WAF bypass technique. This technique aims to identify the real IP address behind the WAF prote ...November 21, 2024
SQLmap was used to successfully bypass Ghauri WAF in this case by using the Origin IP. It initially failed but was successful with the mentioned techn ...November 20, 2024