A new XSS bypass for Cloudflare WAF has been discovered. The payload 'OnXSS=<Img/Src/OnError=(alert)(1)>' successfully bypasse ... January 20, 2025
The tweet describes a successful bypass of SQL injection vulnerabilities in a target protected by a Web Application Firewall (WAF). Despite additional ... January 20, 2025
The tweet suggests applying SQL injection (SQLi) directly on the origin IP behind the WAF as an alternative to bypassing it. This method involves targ ... January 20, 2025
The tweet mentions the use of the --eval option for bypassing SQLi vulnerabilities that require complex WAF bypass payloads. It highlights the effecti ... January 20, 2025
The blog post by nishikawaakira discusses overcoming WAF bypass challenges when utilizing Amazon CloudFront with VPC Origins. This post explores the p ... December 29, 2024
Misconfigurations in WAF providers like Akamai, Cloudflare, and Imperva can allow attackers to bypass protections and access backend servers. This ena ... December 28, 2024
The tweet mentions a bypass for Akamai WAF using the payload 'pay for X Premium'. This indicates a potential vulnerability in Akamai WAF tha ... December 26, 2024
A Burp plugin has been developed for bypassing WAFs by inserting junk data. This plugin aims to evade web application firewalls by overwhelming them w ... December 25, 2024
The tweet mentions a Reflected XSS bypassing a WAF. The WAF vendor is not specified. For more details, visit the provided link. For more details, chec ... December 24, 2024
A reflected XSS bypass was discovered that can bypass a WAF and result in a page not found error. For more details, visit https://t.co/Or51HgTK2a. Cre ... December 23, 2024
The tweet contains a bypass payload for WAF known as the 8k bypass. The vendor of the WAF is unknown. This bypass affects multiple vulnerabilities and ... December 23, 2024
The tweet mentions a bypass for Reflected XSS targeting a WAF. The payload used is 'Reflected XSS'. The WAF vendor is not specified. More te ... December 22, 2024
This tweet mentions a bug related to access to the Origin IP, which can potentially lead to a WAF bypass. The bug bounty was rewarded with a monetary ... December 21, 2024
This tweet describes a unique approach to web application firewall (WAF) security using fractal-inspired rules to detect and block malicious traffic. ... December 21, 2024
The tweet describes a tool called ORedirectMe which scans URLs with parameters, injects various payloads, and validates whether redirections occur to ... December 21, 2024
The tweet mentions a tool called LFIer designed to detect Local File Inclusion (LFI) vulnerabilities in web applications. It highlights features like ... December 21, 2024
The tweet discusses the importance of understanding Content Delivery Networks (CDNs) and Web Application Firewalls (WAFs) in bug bounty hunting. It hi ... December 20, 2024
A bypass for Razer's WAF has been identified that allows for Remote Code Execution (RCE) using the payload: javascript://%250athrow%20on{err}o}r= ... December 19, 2024
A tweet discussing the exploitation of integrated CDN/WAF to easily bring down global web applications with DDoS attacks. The misconfiguration of WAF ... December 19, 2024
The tweet mentions trying to bypass a WAF protected website by Cloudflare to get the origin IP. While the specific tool name is not mentioned in the t ... December 17, 2024
I discovered an HTTP smuggling issue with ambiguous Content-Length handling that allowed me to bypass the proxy server's WAF. This led to Denial ... December 16, 2024
The tweet highlights the importance of defense-in-depth in WAF protection. Attackers are chaining low-severity vulnerabilities to bypass WAFs entirely ... December 13, 2024
A blogpost about a WAF bypass through exploiting CDN Integrations has been discovered. This threat poses a risk to global web applications. More techn ... December 13, 2024
A recent study has revealed critical WAF misconfigurations with 36,000 backend servers exposed globally. This poses major risks for Fortune 1000 firms ... December 13, 2024
The tweet discusses a method to bypass IP restrictions and client authentication on the origin side by creating multiple tenants with the same origin ... December 12, 2024
The tweet discusses a widespread misconfiguration that impacts major WAF vendors like Akamai, Cloudflare, Fastly, and Imperva, leading to detection ev ... December 12, 2024
The tweet mentions advanced XSS payloads for Next.js which can potentially bypass the WAF. This is a critical vulnerability affecting the Next.js WAF. ... December 12, 2024
The tweet highlights the challenges faced in bypassing a new WAF within a short time frame. It emphasizes that even with a specialized team, bypassing ... December 12, 2024
When performing a WAF bypass using the origin IP address, you can add the IP address to Burp Network Connection 'Hostname resolution overrides ... December 11, 2024