If the entire URL is reflected unfiltered in href value, split the payload in different parameters to bypass the WAF
#BugBounty #bugbountytips https: ...August 25, 2020
XSS: Arithmetic Operators and Optional Chaining to bypass input validation, sanitization, WAF, and HTML encoding https://t.co/Udph976NHx ...August 24, 2020
New post: "XSS: Arithmetic Operators and Optional Chaining to bypass input validation, sanitization, WAF, and HTML encoding" https://t.co/0kwHIHaDDU ...August 24, 2020
XSS: Arithmetic Operators and Optional Chaining to bypass input validation, sanitization, WAF, and HTML encoding https://t.co/QrSk5JUBXd ...August 24, 2020
#Tricks : You can bypass a WAF during an XSS attack on ASP(dot)NET/IIS technology by using an HTTP parameter pollution attack.
#bugbounty #bugbountytip ...August 23, 2020
#bugbounty anyone have any interesting Node.js path traversal payloads? Trying to bypass a WAF. Tried everything I can find including all in payloadal ...August 22, 2020
#Day2 #100DaysOfBugBounty.
Understanding how WAF works and looking for bypass.
Not easy to find a bypass for SOP and CSP. https://t.co/3dw6QinquC ...August 18, 2020
If you're interested in payloads for bypassing WAFs, whether SQL injection or XSS, you can look in my profile and you'll find things that may interest you:
...August 17, 2020
Security Tip 10/31: Using Cloudflare? Check your DNS records to verify that your origin IP address is not exposed. An attacker can use an exposed orig ...August 12, 2020