Day 3 of bug hunting :
1. Tried manual SQL injection on some live websites with modsecurity WAF bypass and successfuly extracted all the data
2. Lea ...September 10, 2020
New XML technique! Encode any DTD/XML inside an internal entity, and fly under WAF radars!
? XXE WAF Bypass
? Works when there is no XXE, but there ...September 7, 2020
Hi can anyone suggest me recommendation for cloudflare waf bypass. I have found the bypass technique using origin ip by censys scan. ...September 7, 2020
Want to bypass WAF? Sometimes they are taken down by easiest of things. One such thing that actually worked for me was:
*Blocked*
q= ... select ... f ...September 6, 2020
Top story: XSS WAF & Character limitation bypass like a boss | by Prial Islam Khan | InfoSec Write-ups | Medium https://t.co/3NFuvKkQpk, see more ...September 6, 2020
Top story: XSS WAF & Character limitation bypass like a boss | by Prial Islam Khan | InfoSec Write-ups | Medium https://t.co/wmrqcklhvB, see more ...September 5, 2020
Cloudflare WAF has a feature to block/challenge all TOR traffic hitting your website.
Turns out you can bypass this restriction entirely by just ena ...September 4, 2020
XSS: Arithmetic Operators and Optional Chaining to bypass input validation, sanitization, WAF, and HTML encoding https://t.co/K6tU0s8gl1 https://t.co/ ...September 2, 2020
XSS: Arithmetic Operators and Optional Chaining to bypass input validation, sanitization, WAF, and HTML encoding https://t.co/I2NlOwsNn2 https://t.co/ ...September 2, 2020
If the entire URL is reflected unfiltered in href value, split the payload in different parameters to bypass the WAF
#BugBounty #bugbountytips https: ...August 25, 2020
XSS: Arithmetic Operators and Optional Chaining to bypass input validation, sanitization, WAF, and HTML encoding https://t.co/Udph976NHx ...August 24, 2020
New post: "XSS: Arithmetic Operators and Optional Chaining to bypass input validation, sanitization, WAF, and HTML encoding" https://t.co/0kwHIHaDDU ...August 24, 2020
XSS: Arithmetic Operators and Optional Chaining to bypass input validation, sanitization, WAF, and HTML encoding https://t.co/QrSk5JUBXd ...August 24, 2020
#Tricks : You can bypass a WAF during a XSS attack on ASP(dot)NET/IIS technology by using a HTTP parameter pollution attack.
#bugbounty #bugbountytip ...August 23, 2020