The payload used in the tweet successfully bypassed the Cloudflare WAF, but the target treated the payload as a string. Further analysis is required t ... June 11, 2025
The tweet suggests that certain tags are unknown and unpopular in WAFs, making it possible to bypass the WAF or other filters. Further analysis is nee ... June 10, 2025
Researchers discovered a new XSS bypass technique using the onscrollsnapchange event with obfuscated eval logic. This technique can bypass certain WAF ... June 10, 2025
The tweet discusses XSS/SQLi filter bypass techniques using full-width Unicode characters. It is for educational purposes and highlights how these cha ... June 9, 2025
The tweet mentions a tool that has features like dynamic wordlist fetch, multithreaded scan, and redirect/WAF bypass. The GitHub repository contains a ... June 9, 2025
A Web Application Firewall (WAF) is actively filtering out both single quotes (') and double quotes ("). This filtering can be bypassed by u ... June 9, 2025
A payload was created to bypass IDS and execute Remote Code Execution (RCE) by utilizing hex decoding. The payload is <?=eval(hex2bin("696 ... June 8, 2025
The tweet mentions bypassing WAF using the payload 'eval'. This can be considered as a bypass for XSS vulnerabilities. It is important to no ... June 8, 2025
The tweet highlights a vulnerability in React Router that exposes web apps to cache poisoning and WAF bypass attacks. This could potentially lead to d ... June 8, 2025
The tweet discusses an innovative bypass technique for Web Application Firewalls (WAF) that enables attackers to exploit Reflected Cross-Site Scriptin ... June 7, 2025
The tweet suggests that a SQL injection attempt was blocked by a Web Application Firewall (WAF). It highlights that the WAF may be the reason for the ... June 6, 2025
A new bypass technique for Cloudfront WAF has been discovered for XSS vulnerabilities. The payload used for bypassing is <svg/onload=window[&qu ... June 4, 2025
This tweet provides a step-by-step guide on bypassing a WAF for XSS attacks. The payload uses various techniques like string concatenation, replacing ... June 4, 2025
The tweet suggests bypassing a WAF (Web Application Firewall) instead of taking it down. The payload used for the bypass is 'ElephantPayload123 ... June 4, 2025
The tweet mentions 6 modern techniques for WAF bypass related to XSS. These techniques include Context-Aware Encoding, Polyglot Payloads, DOM-based At ... June 3, 2025
This tweet highlights various techniques for bypassing Web Application Firewalls (WAF), including context-aware encoding, polyglot payloads, DOM-based ... June 3, 2025
A visual showcasing advanced SQL injection (SQLi) WAF bypass payloads has been released. These payloads compile rare and evasive techniques into a cle ... June 3, 2025
The tweet mentions bypassing the WAF of Fortinet. It indicates a potential vulnerability in the Fortinet WAF. ... June 2, 2025
The tweet mentions a cheatsheet for bypassing WAF using Full-Width Symbols. This can be useful for bypassing different types of WAFs. It is recommende ... June 2, 2025
A tweet discussing a WAF bypass technique for XSS and CRLF vulnerabilities using a full-width version of symbols. This bypass can potentially affect v ... June 1, 2025
The tweet discusses XSS WAF bypass techniques using Unicode and invisible character tricks for educational purposes. The techniques involve manipulati ... June 1, 2025
A new XSS WAF bypass technique has been discovered that involves using invisible separators before or after a function name. This technique can bypass ... June 1, 2025
The tweet mentions the issue of false positives in web application firewalls (WAFs) leading to a bad user experience. It also hints at the existence o ... May 31, 2025
A new XSS WAF bypass technique has been discovered using invisible separators before or after the function name. The payload <img/src/onerror=alert ... May 30, 2025
The tweet mentions a bypass technique for a WAF but does not provide specific details about the vulnerability type, bypass payload, or WAF vendor. It ... May 30, 2025
The tweet suggests adding specific IPs to the system bypass in Vercel to fix a potential WAF bypass. This approach may allow certain IPs to bypass the ... May 29, 2025
The tweet suggests a complex and nested SQL injection payload used to retrieve information. The payload uses an unconventional approach with nested SE ... May 28, 2025