When learning about WAF filters and how to bypass them, @HoiyaOCE it's important to understand the underlying technology and techniques used by d ...March 6, 2025 — 0 Comments
The tweet mentions a WAF bypass by HoiyaOCE, highlighting the importance of understanding WAF filters and techniques used by different vendors. It emp ...March 6, 2025 — 0 Comments
A SQL injection bypass technique was discovered by mmffkkdd where the SQLi payload is prefixed with JSON syntax to evade detection by certain WAF rule ...March 6, 2025 — 0 Comments
A tutorial on bypassing Huawei WAF has been mentioned in a tweet by ridingwithmopz. Stay tuned for further updates as we analyze the specific vulnerab ...March 6, 2025 — 0 Comments
When injecting angular brackets or double quotes without encoding, basic payloads like <script>alert(1)</script> can be effective. If bloc ...March 6, 2025 — 0 Comments
A SQL Injection bypass attempt was detected in the log with the payload ticks or backticks. The matched data was `600Jq6u` found within ARGS: login[pa ...March 5, 2025 — 0 Comments
The tweet mentions a Cloudflare XSS and SQLi bypass. Depending on the WAF rules and filtering used by Cloudflare, the effectiveness of the bypass can ...March 5, 2025 — 0 Comments
The tweet mentions the use of Ghauri payloads and advanced techniques to bypass a WAF. The vendor of the WAF is unknown. The bypass technique seems to ...March 5, 2025 — 0 Comments
An Akamai WAF bypass was discovered that led to the discovery of 30 XSS bugs. This vulnerability affects XSS and specifically targets Akamai's WA ...March 4, 2025 — 0 Comments
When learning about WAF filters and how to bypass them, it's important to understand the underlying technology and techniques used by different v ...March 4, 2025 — 0 Comments
A Cloudflare XSS WAF bypass was discovered using the payload: ><Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBYU1MgQG1fa2VsZXBjZQ= ...March 3, 2025 — 0 Comments
Cloudflare whitelists their own bots and fetchers in the WAF to bypass captchas. This allows their internal tools to navigate through captchas without ...March 2, 2025 — 0 Comments
A tweet indicating interest in collaborating for escalating XSS attacks and bypassing WAF or CSP restrictions. The provided payload for XSS bypass is ...February 28, 2025 — 0 Comments
The tweet mentions that by prefixing the SQLi payload with JSON syntax, the WAF can be bypassed. This technique can be effective in certain scenarios ...February 28, 2025 — 0 Comments
A command injection bypass was discovered that exploits the WAF by using the payload '`cat /et$()c/pa's'swd`'. This bypass can aff ...February 28, 2025 — 0 Comments
The tweet mentions the frustration of not being able to receive proper support for finding a WAF bypass. It highlights the difficulty in getting a rea ...February 28, 2025 — 0 Comments
This tweet provides a methodology for XSS bug bounty hunting. It includes steps for reconnaissance, identifying injection points in HTML and attribute ...February 28, 2025 — 0 Comments
This tweet mentions a bug fix that didn't entirely fix the XSS vulnerability, leading to a second report. Although it's not specifically a W ...February 27, 2025 — 0 Comments
Wafmap is a tool that includes most bypass techniques for automation. It utilizes lambda algorithms to adapt to WAF behavior. This tool can be used to ...February 26, 2025 — 0 Comments
The tweet mentions a tutorial on bypassing Huawei WAF. The bypass method is not specified in the tweet. Further analysis is needed to determine the sp ...February 26, 2025 — 0 Comments
An XSS bypass technique was identified using the payload 'onerror=alert;throw 123;' which can bypass various WAFs. This payload utilizes the ...February 25, 2025 — 0 Comments
This tweet describes an XSS WAF bypass using the payload '10006630~!~/[redacted]/a/unix/apps/WAS/FileService/files/[redacted]/2023/9/21~!~xss&quo ...February 24, 2025 — 0 Comments
The tweet describes a successful bypass of a WAF using an XSS payload. The attacker was unable to bypass the WAF by extracting the parameter from the U ...February 23, 2025 — 0 Comments
The tweet mentions a WAF bypass XSS challenge from 2013 that included MentalJS and DOMPurify. It states that despite being a decade later, these can s ...February 21, 2025 — 0 Comments
The tweet describes an XSS WAF bypass that escalated to a PII (Personally Identifiable Information) leak and authenticated sensitive requests. This ty ...February 21, 2025 — 0 Comments
The tweet mentions that it is hard to find XSS vulnerabilities unless you can bypass the Web Application Firewall (WAF). The mentioned XSS payload is ...February 21, 2025 — 0 Comments
The tweet mentions a custom XSS payload developed for bypassing Akamai and Cloudflare WAFs. The payload targets XSS vulnerabilities and is aimed at co ...February 21, 2025 — 0 Comments
This method utilizes TOR to rotate IPs during fuzzing, allowing for the bypass of rate limits and avoidance of WAF blocks. It is compatible with tools ...February 19, 2025 — 0 Comments
The tweet suggests using a commercial WAF for better telemetry and protection at scale. It mentions the use of ModSecurity and Fail2Ban for securing a ...February 18, 2025 — 0 Comments