The tweet mentions using homograph to bypass blacklist or WAF by using a unicode homograph for 'Google.com'. This technique can potentially ...September 30, 2024
A FortiGate WAF bypass payload for XSS vulnerability was shared by @xss0r. The payload is '<details open ontoggle="(()=>alert`ibrahimx ...September 29, 2024
A Cloudflare WAF bypass for XSS vulnerability was discovered by @xss0r. The payload used for the bypass is '>alert(154)</script& ...September 29, 2024
This tweet mentions an XSS WAF bypass with the payload <script>alert(1)</script>. The WAF vendor is Universal. This bypass can be used for ...September 28, 2024
The tweet mentions a WAF bypass writeup containing 30 XSS vulnerabilities. This bypass affects multiple vulnerabilities and is a significant finding. ...September 27, 2024
A recent discovery of a Akamai WAF Bypass led to the discovery of 30 XSS bugs. This highlights a significant vulnerability in Akamai's WAF protec ...September 27, 2024
Akamai WAF Bypass discovered leading to the discovery of 30 XSS bugs. Blogpost coming soon with all the technical details and implications. Stay tuned ...September 27, 2024
TOR WAF Bypass for SQL Injection discovered using sqlmap with TOR. The bypass technique involves using TOR for anonymizing traffic, thereby evading de ...September 23, 2024
A bypass for XSS on a 403 page has been discovered. Multiple blogs have been written about this vulnerability, and here are some links:
1. https://t.c ...September 22, 2024
The tweet mentions the use of SQLmap Tamper Scripts for WAF bypass. SQLmap is a popular tool used for detecting and exploiting SQL injection vulnerabi ...September 21, 2024
The tweet mentions that a simple payload works for bypassing any WAF. This highlights a potential vulnerability in WAF protection mechanisms. It is cr ...September 21, 2024
The tweet mentions that there is no WAF bypass, which is a commonly known issue. It emphasizes that the target should be thanked for something other t ...September 21, 2024
The tweet did not provide specific details about the payloads or WAF vendor used for bypass. It is important to provide detailed information about the ...September 20, 2024
The tweet mentions the emotional roller-coaster of being a pentester when encountering a WAF. It highlights the excitement of finding a vulnerability, ...September 20, 2024
The tweet does not provide enough information to analyze the WAF bypass. Please provide more details such as the type of vulnerability, bypass payload ...September 20, 2024
When bypassing a WAF for XSS payloads, one common technique is to use a simple payload like <script>alert(1)</script> to test the WAF' ...September 20, 2024
The tweet mentions a WAF bypass using a broad UTF-8 set for XSS vulnerability. For this specific bypass, the vendor is unknown. An analysis blog post ...September 19, 2024
The tweet mentions a WAF bypass challenge launched by Apollo for XSS. The user successfully bypassed the WAF using an SVG use href payload. However, t ...September 19, 2024
A vulnerability bounty program with XSS issues and Cloudflare WAF was tested with the payload <script>alert('XSS bypass')</script&g ...September 19, 2024
When testing for XSS vulnerabilities, one common challenge is getting blocked by WAF. To bypass firewalls, craft payloads that evade detection. Try pa ...September 19, 2024
A tweet mentions a bypass for Cloudflare's Super Bot Fight Mode by using a Custom Waf Skip rule. The tweet claims successful speed tests on sever ...September 18, 2024
A WAF bypass for Akamai was discovered that led to 30 XSS vulnerabilities in a large platform. The bypass payload used was '><input ...September 17, 2024
This XSS payload is designed to bypass Akamai, Imperva, and CloudFlare WAF. The payload is <A HRef=//X55.is AutoFocus %26%2362 OnFocus%0C=import(hr ...September 16, 2024
When it comes to SQL WAF bypass, one effective technique is using the payload ' or 1=1--. This simple payload can bypass many WAFs by altering th ...September 15, 2024
The tweet mentions bypassing a WAF provided by Cloudflare. The user expresses frustration as they were able to bypass the WAF but found no functionali ...September 15, 2024
The tweet discusses the art of SQL Injection WAF Bypass, emphasizing the importance of understanding how Web Application Firewalls can be bypassed. SQ ...September 14, 2024
The tweet suggests a potential WAF bypass by sending a POST request with the IP address as the main hostname. Further investigation is needed to deter ...September 14, 2024
The tweet mentions a successful SQLi WAF bypass where the user bypassed the SQL injection WAF to exploit it. The provided payload was 'or '1 ...September 14, 2024