This tweet provides a Nuclei template that can be used for SSRF scanning and WAF bypass. The template can be utilized for security testing purposes. F ... December 1, 2024
A new Cloudflare WAF bypass for XSS has been discovered by xss0r. The bypass payload is <details open ontoggle=alert(document.cookie)>. ... November 29, 2024
A new XSS bypass for Cloudflare WAF has been discovered by xss0r. The payload used is <details open ontoggle=alert(document.cookie)>. This bypas ... November 29, 2024
The tweet mentions tricks to obfuscate alert, confirm, and prompt dialogs in order to bypass a filter or WAF for XSS attacks. The provided ebook may c ... November 28, 2024
This tweet mentions a common scenario where someone is looking for a way to bypass a Web Application Firewall (WAF) or the 403 Forbidden error. It hig ... November 27, 2024
A new XSS WAF bypass for Cloudflare has been discovered by xss0r. The payload used for bypass is <details open ontoggle=alert('xss0r' ... November 27, 2024
An interesting discovery has been made in a widely used framework that allows manipulation of the router to bypass specific filters/WAF or completely ... November 27, 2024
Two JavaScript payloads for bypassing WAF in URL context have been discovered. The first payload is "<Svg/OnLoad=alert%252526lpar;1)>" ... November 27, 2024
This XSS bypass payload utilizes the JavaScript import function to execute an alert(origin) function. The use of Unicode encoding in the payload (\ ht ... November 26, 2024
ChatGPT has been used to test the effectiveness of bypassing the top 3 WAF vendors. The payload used in this test is 'How fast ChatGPT can bypass ... November 25, 2024
A Burp extension has been developed to evade TLS fingerprinting, allowing users to bypass WAF and spoof any browser. This tool can be used to modify a ... November 25, 2024
The tweet mentions learning cool techniques of WAF Bypass from @3nc0d3dGuY and @assetnote while retesting on HackerOne. It shows appreciation for thei ... November 23, 2024
The tweet does not provide specific information about the WAF bypass techniques used. It is important to have more details about the vulnerability typ ... November 23, 2024
The tweet discusses an error-based SQL Injection WAF bypass by @c0nqr0r. The bypass payload used is Error-based SQL Injection. The vendor of the WAF i ... November 22, 2024
The tweet mentions hunting bugs using error-based SQL injection (SQLi) to bypass a Web Application Firewall (WAF) without automation. The tweet highli ... November 22, 2024
A blog post should be made about this bypass as it highlights a vulnerability in file upload validation through Multipart Parsers. The post should dis ... November 22, 2024
A new SSRF vulnerability has been discovered in Cloudflare's rocketloader nuclei template. This vulnerability can be exploited to find the origin ... November 22, 2024
This tweet describes an XSS bypass for Cloudflare WAF using the payload JavaScript:"<Svg/OnLoad=alert%25%0A26lpar;1)>". The technique ... November 21, 2024
Two payloads for bypassing WAF in URL context have been shared by @BRuteLogic. The payloads are designed for XSS attacks. The first payload is JavaScr ... November 21, 2024
The tweet suggests that bypassing a WAF (Web Application Firewall) without the Origin IP is fun and often easy. It mentions that it requires some effo ... November 21, 2024
A tweet suggesting to find the Origin IP as a potential WAF bypass technique. This technique aims to identify the real IP address behind the WAF prote ... November 21, 2024
SQLmap was used to successfully bypass Ghauri WAF in this case by using the Origin IP. It initially failed but was successful with the mentioned techn ... November 20, 2024
The tweet demonstrates an XSS bypass in URL context using HTMLi, Double Encoding, and Embedded bytes. The payload JavaScript:"<Svg/OnLoad=aler ... November 20, 2024
Using character normalization to bypass WAFs is a common and effective technique for various vulnerabilities. This technique involves manipulating cha ... November 20, 2024
A bypass for Imperva WAF was discovered in the context of a Local File Inclusion (LFI) vulnerability. The WAF was blocking the standard traversal payl ... November 19, 2024
The tweet mentions the use of the SSRF-Hacks-IP-Decimal Burp Suite extension for SSRF bypass attempts and WAF evasion testing. This extension allows f ... November 19, 2024
WAFs and load balancers can introduce attack surface of their own, with flaws that include authorization bypass. They are not a panacea for complete security. For more ... November 18, 2024
A new Burp Suite extension called SSRF-Hacks-IP-Decimal has been developed by @harshad_hacker. This extension converts IP addresses to decimal notatio ... November 18, 2024
Cloudflare's security protections were found to be vulnerable to XSS bypasses, allowing malicious users to exploit flaws in web applications prot ... November 16, 2024