You can bypass XXE restrictions on some WAF for SSRF and file read by using a space before the protocol:
“ https://”
“ file://”
#bugbountytips ...February 21, 2021
Does anyone know of any way to bypass the WAF protection against the < sign that comes with a character? For example: if I enter "< a" t ...February 11, 2021
How many ways does PHP give you to exploit an RCE bypassing filters, input sanitization, and WAF rules? Read more here #bugbou ...February 11, 2021
Here's another writeup for a task I authored with @makelarisjr for @hackthebox_eu x UNI #CTF Quals.
WAFfles Order consists of insecure deserializ ...February 5, 2021
Top story’s from my Newspaper @HolyBugx: ‘You can bypass WAFs using a simple Match&Replace rule in Burp Suite, I used it and I simply bypassed ...January 31, 2021
CyberSec News: @HolyBugx: 'You can bypass WAFs using a simple Match&Replace rule in Burp Suite, I used it and I simply bypassed a WAF restriction ...January 30, 2021
Top story: @HolyBugx: 'You can bypass WAFs using a simple Match&Replace rule in Burp Suite, I used it and I simply bypassed a WAF restriction just ...January 30, 2021
You can bypass WAFs using a simple Match&Replace rule in Burp Suite, I used it and I simply bypassed a WAF restriction just now.
I Covered the Syn ...January 30, 2021
Beautiful WAF bypass I just found:
Strips specific tags, including '<>'.
Blocks all event handlers.
So I used 'on<>load' instead. It che ...January 27, 2021