The Zafran Research Team has uncovered a critical misconfiguration in popular web application firewall (WAF) services including Akamai and Cloudflare. ...December 4, 2024 — 0 Comments
Embedding payloads in credentials is an effective way to bypass WAF detection. When credentials are included in URLs, they are often ignored by WAFs, ...December 4, 2024 — 0 Comments
20% of Fortune 1000 companies fail to properly configure their CDN-WAF solutions, leading to a widespread WAF bypass that can allow DDoS attacks or exp ...December 4, 2024 — 0 Comments
A bypass has been discovered for Amazon CloudFront WAF using the %ff%00%ff sequence. This sequence terminates the string and stops the WAF scanning, a ...December 4, 2024 — 0 Comments
The tweet mentions the importance of including a link to online test pages to demonstrate that a WAF bypass works. It highlights that a bypass does no ...December 2, 2024 — 0 Comments
The tweet mentions a bypass using the payload 'exercises but brute gym' for CDN WAFs like Akamai. This bypass seems to be effective in under ...December 2, 2024 — 0 Comments
It seems like @RodoAssis is interested in famous CDN WAF tests and payloads for bypassing whitelist/blacklist. Let's explore some of these techni ...December 2, 2024 — 0 Comments
A new Cloudflare WAF bypass for XSS has been discovered by xss0r. The payload used is <details open ontoggle=alert(document.cookie)>. This bypas ...December 1, 2024 — 0 Comments
This tweet provides a Nuclei template that can be used for SSRF scanning and WAF bypass. The template can be utilized for security testing purposes. F ...December 1, 2024 — 0 Comments
A new Cloudflare WAF bypass for XSS has been discovered by xss0r. The bypass payload is <details open ontoggle=alert(document.cookie)>. ...November 29, 2024 — 0 Comments
A new XSS bypass for Cloudflare WAF has been discovered by xss0r. The payload used is <details open ontoggle=alert(document.cookie)>. This bypas ...November 29, 2024 — 0 Comments
The tweet mentions tricks to obfuscate alert, confirm, and prompt dialogs in order to bypass a filter or WAF for XSS attacks. The provided ebook may c ...November 28, 2024 — 0 Comments
This tweet mentions a common scenario where someone is looking for a way to bypass a Web Application Firewall (WAF) or the 403 Forbidden error. It hig ...November 27, 2024 — 0 Comments
A new XSS WAF bypass for Cloudflare has been discovered by xss0r. The payload used for bypass is <details open ontoggle=alert('xss0r' ...November 27, 2024 — 0 Comments
An interesting discovery has been made in a widely used framework that allows manipulation of the router to bypass specific filters/WAF or completely ...November 27, 2024 — 0 Comments
Two JavaScript payloads for bypassing WAF in URL context have been discovered. The first payload is "<Svg/OnLoad=alert%252526lpar;1)>" ...November 27, 2024 — 0 Comments
This XSS bypass payload utilizes the JavaScript import function to execute an alert(origin) function. The use of Unicode encoding in the payload (\
ht ...November 26, 2024 — 0 Comments
ChatGPT has been used to test the effectiveness of bypassing the top 3 WAF vendors. The payload used in this test is 'How fast ChatGPT can bypass ...November 25, 2024 — 0 Comments
A Burp extension has been developed to evade TLS fingerprinting, allowing users to bypass WAF and spoof any browser. This tool can be used to modify a ...November 25, 2024 — 0 Comments
A blogpost about bypassing AWS WAF using XSS payload <script>alert('WAF Bypassed')</script> has been created. It demonstrates ho ...November 24, 2024 — 0 Comments
The tweet mentions learning cool techniques of WAF Bypass from @3nc0d3dGuY and @assetnote while retesting on HackerOne. It shows appreciation for thei ...November 23, 2024 — 0 Comments
The tweet does not provide specific information about the WAF bypass techniques used. It is important to have more details about the vulnerability typ ...November 23, 2024 — 0 Comments
The tweet discusses an error-based SQL Injection WAF bypass by @c0nqr0r. The bypass payload used is Error-based SQL Injection. The vendor of the WAF i ...November 22, 2024 — 0 Comments
The tweet mentions hunting bugs using error-based SQL injection (SQLi) to bypass a Web Application Firewall (WAF) without automation. The tweet highli ...November 22, 2024 — 0 Comments
A blog post should be made about this bypass as it highlights a vulnerability in file upload validation through Multipart Parsers. The post should dis ...November 22, 2024 — 0 Comments
A new SSRF vulnerability has been discovered in Cloudflare's rocketloader nuclei template. This vulnerability can be exploited to find the origin ...November 22, 2024 — 0 Comments
This tweet describes an XSS bypass for Cloudflare WAF using the payload JavaScript:"<Svg/OnLoad=alert%25%0A26lpar;1)>". The technique ...November 21, 2024 — 0 Comments
Two payloads for bypassing WAF in URL context have been shared by @BRuteLogic. The payloads are designed for XSS attacks. The first payload is JavaScr ...November 21, 2024 — 0 Comments
The tweet suggests that bypassing a WAF (Web Application Firewall) without the Origin IP is fun and often easy. It mentions that it requires some effo ...November 21, 2024 — 0 Comments
A tweet suggesting to find the Origin IP as a potential WAF bypass technique. This technique aims to identify the real IP address behind the WAF prote ...November 21, 2024 — 0 Comments