The tweet demonstrates an XSS bypass in URL context using HTMLi, Double Encoding, and Embedded bytes. The payload JavaScript:"<Svg/OnLoad=aler ... (November 20, 2024)
Using character normalization to bypass WAFs is a common and effective technique for various vulnerabilities. This technique involves manipulating cha ... (November 20, 2024)
A bypass for Imperva WAF was discovered in the context of a Local File Inclusion (LFI) vulnerability. The WAF was blocking the standard traversal payl ... (November 19, 2024)
The tweet mentions the use of the SSRF-Hacks-IP-Decimal Burp Suite extension for SSRF bypass attempts and WAF evasion testing. This extension allows f ... (November 19, 2024)
WAFs and load balancers (LBs) can introduce attackable surface of their own, with flaws that include authorization bypass. They are not a panacea for complete security.
For more ... (November 18, 2024)
A new Burp Suite extension called SSRF-Hacks-IP-Decimal has been developed by @harshad_hacker. This extension converts IP addresses to decimal notatio ... (November 18, 2024)
Cloudflare's security protections were found to be vulnerable to XSS bypasses, allowing malicious users to exploit flaws in web applications prot ... (November 16, 2024)
The tweet is promoting SQLMapping with SQLMap Command Generator and Cheat Sheet for exploiting SQL Injections. This tool can be used to bypass WAF pro ... (November 16, 2024)
Testing and bypassing WAF for XSS and Open Redirect vulnerabilities involves crafting payloads like <script>alert(1)</script> to evade det ... (November 16, 2024)
A tool called REcollapse has been developed to assist in blackbox regex fuzzing to bypass validations and discover normalizations in web apps. This to ... (November 16, 2024)
The tweet mentions a list of payloads gathered from the internet that can bypass WAF. This is a general bypass for various types of vulnerabilities. N ... (November 15, 2024)
The tweet mentions a list of payloads that can bypass WAF gathered from the internet. This indicates that there are potential vulnerabilities in vario ... (November 15, 2024)
This tweet suggests using the 'onwaiting' event to bypass a WAF with an attribute blocklist for XSS attacks. The event 'onwaiting' ... (November 14, 2024)
An LFI bypass payload '../../../../../../etc/passwd' was used to bypass an unknown WAF. The payload allowed access to the '/etc/passwd ... (November 13, 2024)
The blog covers various tricks and techniques for XSS WAF bypass. It is a useful resource for bug bounty hunters and security enthusiasts looking to u ... (November 13, 2024)
The tweet mentions a WAF that filters all events starting with 'on'. An unconventional way to bypass this filter could be using a payload th ... (November 11, 2024)
The tweet mentions a WAF bypass for Sucuri WAF with a Proof of Concept link. For more information, visit the provided link and investigate the vulnera ... (November 10, 2024)
A bypass technique for path-based WAF restrictions has been discovered. By appending raw/unencoded non-printable and extended-ASCII characters like \x ... (November 9, 2024)
Hackers can bypass WAFs for SQL injection by injecting an Out-of-Band payload to expose the server's IP. This technique allows them to bypass WAF ... (November 9, 2024)
The tweet mentions that huge XSS payloads in POST requests did not help in bypassing Sucuri, Akamai, or Imperva WAF in preliminary tests. The techniqu ... (November 8, 2024)
A tweet mentions the discovery of a method to bypass path-based WAF restrictions using raw/unencoded non-printable and extended-ASCII characters. ... (November 8, 2024)
A Cloudflare WAF bypass for XSS vulnerability has been discovered. The payload used for the bypass is %2Bself[%2F*foo*%2F'alert'%2F*bar*%2F] ... (November 8, 2024)
The tweet describes a Remote Code Execution (RCE) bypass technique using a proxy spinner, vercel as a reverse proxy, daisy-chained proxies, and invoca ... (November 8, 2024)
When bypassing a WAF, fuzzing characters and words can be an effective strategy to identify which ones are being blocked. By systematically testing di ... (November 7, 2024)
The tweet describes a successful XSS bypass for a well-known WAF through trial and error testing to identify blocked characters. The bypass allowed th ... (November 7, 2024)
A bypass for Reflected XSS in Akamai WAF using HTTP Parameter Pollution and Double URL Encode was discovered. The payload used is /login?ReturnUrl=jav ... (November 6, 2024)
Cloudflare XSS WAF Bypass: A bypass payload was discovered by @nav1n0x targeting Cloudflare WAF. The payload %2Bself[%2F*foo*%2F'alert'%2F*b ... (November 6, 2024)
Our Red Team recently identified a method to bypass Cloudflare WAF's XSS Protection using a unique payload. This sheds light on potential securit ... (November 6, 2024)
The tweet mentions attempting to bypass a WAF to achieve Oracle SQLi. More details are needed to analyze the specific bypass technique used.
Check out ... (November 5, 2024)