If you see a web application is trying to guess your search query (e.g. in search bar) and has a WAF on top of it, use mistyped words to easy trigger ...September 7, 2021
pFuzz is an advanced red teaming fuzzing tool which we developed for our research. It helps us to bypass web application firewall by using different m ...September 7, 2021
proving grounds - xposedapi
in this we gonna bypass waf with x-forwarded-for header and find a lfi vuln
and we send payload and /update it
after get ...September 7, 2021
Taking a piss atm just found a little bug in a site (sqli) just have to figure out how to bypass the stupid ass amazon/cloudflare sqli injection waf
...September 6, 2021
#bugbountyhelp
Anyone know how to bypass cloudflare?
Found LFI but cant load /etc/passwd like in page.
Cloudflare blocks request.
Tried /e?c/?asswd li ...September 6, 2021
Some WAF's blocks the payload if you send it from the GET parameter directly, but if you send it from the HTML DOM Field, you will bypass !!
The easi ...September 6, 2021
About CVE-2021-26084, if WAF block ScriptEngine, or check param queryString, you can try this https://t.co/LHhe2BLuCA
and write shell to ../confluenc ...September 4, 2021
About CVE-2021-26084
Someone silently make a pull request to Nuclei with my PoC. I don't want to talk about it because Nuclei have removed it already. ...September 4, 2021
????? ?? is a Passive (#OSINT) Automated #Reconnaissance
It can be used by #Infosec Researchers, Penetration Testers, Bug Hunters to find deep #inform ...August 30, 2021
Got an easy Cloudflare bypass with a simple XSS payload
"><img src=1 onmouseleave=print()>
Thought process:
1. WAF was checking event handl ...August 27, 2021