Beautiful WAF bypass I just found:
Strips specific tags, including '<>'.
Blocks all event handlers.
So I used 'on<>load' instead. It che ...January 27, 2021
Cloudflare XSS Bypass
It appears there is a regex that only checks for the first occurrence of "on" followed by a word (e.g. /on\w+/m)
This allows mul ...January 25, 2021
If your IP address is not kept secret, attackers can bypass the CloudFlare network and attack your servers directly. To bypass the Cloudflare Web Appl ...January 25, 2021
#Cloudflare (servicio #WAF Web Application #Firewall) era vulnerable a un ataque Cross-Site Scripting (#XSS) utilizando un tag de SVG.
El “#bypass� ...January 22, 2021
Everything you need to know about web-application firewalls (WAF) ?
Awesome WAF: One of the greatest resources for learning how WAFs behave & how ...January 22, 2021
Se encuentra un ‘bypass’ de la protección contra XSS en CloudFlare: Cloudflare, el conocido servicio WAF (Web Application Firewall) utilizado por ...January 22, 2021
Everything you need to know about web-application firewalls (WAF) ?
Awesome WAF: One of the greatest resources for learning how WAFs behave & how ...January 22, 2021
? Everything you need to know about web-application firewalls (WAF) ?
Awesome WAF: One of the greatest resources for learning how WAFs behave & h ...January 20, 2021
3 ways to bypass WAF
1. Customize your payloads in order to bypass the rules in place.
2. Alter the requests in a proper way to disrupt the server. ( ...January 14, 2021
Just tried to hack one of my own sites and happy to confirm that it is protected from basic XXS attack using WAF. ?
2 mins of reading and I believe I ...January 12, 2021