A new XSS payload has been discovered that can bypass Cloudflare's Web Application Firewall (WAF), posing a significant threat to web application ... (July 18, 2024)
An SSRF vulnerability was discovered which allowed the attacker to access the application via the IP address. This bypass revealed that the application ... (July 18, 2024)
An XSS WAF bypass technique using multi-character HTML entities like >⃒ or <⃒ has been discovered by @garethheyes and @thercema ... (July 18, 2024)
A clever XSS bypass technique was discovered that involves tricking JavaScript itself using regex. This can potentially evade detection by a generic W ... (July 18, 2024)
When attacking poorly written and XSS-prone web applications, an application firewall can obstruct success. To bypass it, an attacker can use a simple ... (July 17, 2024)
CloudFlare WAF Bypass - XSS
A new XSS bypass has been discovered for Cloudflare WAF. The payload used for the bypass is '><img src ... (July 17, 2024)
The tweet refers to research from 2012 where escape characters can act as no-ops to bypass WAF or filters. This technique can be used in XSS attacks t ... (July 17, 2024)
This tweet highlights a new XSS WAF Bypass with a clever payload. The payload includes JavaScript code that creates a button element and utilizes a po ... (July 16, 2024)
KNOXSS is an XSS bypass payload that can evade Cloudflare's WAF. This payload can be used to bypass Cloudflare's protection against cross-sit ... (July 16, 2024)
The tweet describes a case manipulation technique used to bypass a Web Application Firewall (WAF) and store malicious input due to lack of input sanit ... (July 15, 2024)
Recently, a KNOXSS bypass for WAF was discovered using the payload <script>alert(1)</script>. This bypass affects XSS vulnerabilities. For ... (July 15, 2024)
A bypass technique was used to circumvent IP address blocking by rotating through a list of proxies. This method effectively evades the WAF's res ... (July 15, 2024)
This tweet showcases 10 writeups about Cloudflare bypasses, including XSS, RXSS, and SQLi vulnerabilities. These writeups provide insights into variou ... (July 15, 2024)
The tweet suggests using Tor to bypass a WAF. It highlights the use of Tor as a method to evade the security measures of a Web Application Firewall. W ... (July 15, 2024)
A bypass for AWS WAF using the payload 'application/json???AWS WAF Bypass' has been discovered. This bypass affects various vulnerabilities ... (July 14, 2024)
A CloudFlare WAF bypass for XSS has been discovered. The payload used for the bypass is <button%20popovertarget=x>Click%20me</button><i ... (July 14, 2024)
The tweet describes a bypass for Cloudflare WAF using an XSS payload. The bypass was achieved by using a variation of the 'onerror' attribut ... (July 14, 2024)
The tweet mentions encountering a SQL Injection vulnerability but being unable to bypass the Akamai WAF to fetch tables, only obtaining the type of th ... (July 13, 2024)
A tweet mentions a potential SQL injection bypass using the /bin/bash sqlmap --list-tamper payload. This bypass technique can be used to evade Web A ... (July 13, 2024)
The tweet mentions a bypass for Akamai Kona WAF using the payload 'akamai kona waf'. This indicates a possible security vulnerability in the ... (July 13, 2024)
SQLi WAF Bypass Techniques Part 2 blog post has been published on Hatena Blog. Learn about SQL Injection vulnerabilities and cybersecurity.
https://tw ... (July 12, 2024)
A bypass for Amazon WAF has been discovered affecting XSS vulnerabilities. The bypass payload used is '<details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxx ... (July 11, 2024)
The tweet mentions a blog post about SQLi WAF Bypass Techniques focusing on Time-Based Attacks. The post seems to provide insights into bypassing SQL ... (July 11, 2024)
A bypass for AWS WAF using the payload 'application/json???AWS WAF Bypass' has been discovered. This bypass affects various vulnerabilities ... (July 10, 2024)
The tweet mentions an AWS WAF bypass using the payload 'application/json'. This bypass affects various vulnerabilities and can potentially b ... (July 9, 2024)
A bypass for AWS WAF using an application/json payload was discovered. This bypass affects various vulnerabilities and can be used to evade the AWS WA ... (July 9, 2024)
The tweet mentions a WAF bypass payload for XSS with a reward of 3 months of free usage. The WAF vendor is not specified. It would be interesting to k ... (July 8, 2024)
A serious XSS vulnerability and HTML Injection have been discovered on the @IEuniversity website, bypassing the CloudFront WAF. The vulnerability poses ... (July 8, 2024)