The user attempted a SQL injection attack with the payload '1=1' but the WAF blocked it. It's recommended to try different SQLi payload ... August 1, 2024
A bypass for XSS has been discovered with the payload: <details%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc%28%60xss%60%26%2300000000000 ... August 1, 2024
The tweet mentions a Stored XSS vulnerability bypassing a Web Application Firewall using a unique method of Characters Limitation Bypass. The tweet do ... August 1, 2024
A tweet mentioning a method to bypass Amazon WAF Captcha with minimal cryptocurrency experience. This could be a potential security vulnerability in t ... July 31, 2024
The tweet mentions a desire for a bypass on the F5 BIG-IP ASM WAF this week to run a payload. Unfortunately, the specific bypass payload is not provid ... July 31, 2024
A SQL Injection bypass was identified in various WAFs using the payloads:
- /?s=1
- /?s[]=1
- /?s=[1]
- /?s=1\
- /?s=1/' /
- /?s=1/!1111'/
T ... July 31, 2024
The tweet discusses various queries related to subdomain discovery, hidden endpoints, finding origin IP behind strong security layers, bypassing WAF u ... July 31, 2024
A tweet requesting a payload for XSS to bypass Cloudflare WAF. The provided payload is 'In the returl=javascript'. This payload attempts to ... July 30, 2024
A blogpost will be made about the bypass using Payload Delivery Networks to abuse CDNs to bypass WAF and DDoS protections. The post will include detai ... July 30, 2024
The tweet mentions a bypass for Cloudflare WAF using an XSS payload. The payload used is <img src=x onerror=alert(1)>. This bypass can be used t ... July 30, 2024
There is a new SQL injection (SQLi) bypass method using a 403 error code. This bypass can be used against various WAF vendors. Check out the blogpost ... July 29, 2024
The tweet mentions a SQL Injection bypass using XOR and benchmark techniques. It highlights that proxies are not needed in this case, and the bypass i ... July 29, 2024
A Gross WAF Bypass is a type of bypass that can circumvent Web Application Firewalls (WAFs) using an advanced method. It is a technique that allows ma ... July 28, 2024
The tweet suggests a potential bypass technique using a URL with special characters to trigger a redirect. This could be useful for bypassing WAFs. It ... July 28, 2024
The tweet mentions that the WAF is blocking the keyword 'javascript:alert' and similar keywords. The bypass payload used is 'jaVasCript ... July 28, 2024
The tweet highlights the risk of relying too comfortably on CDN WAFs without proper security measures. It emphasizes the importance of creating bypass ... July 28, 2024
A Cloudflare WAF bypass for XSS vulnerability has been discovered. The payload used for bypass is '><img src=x onerrora=confirm() o ... July 27, 2024
The tweet discusses the risk of over-reliance on Web Application Firewalls (WAFs) as the first line of defense in cybersecurity. It acknowledges the c ... July 27, 2024
Analyzing the tweet, the author emphasizes the importance of bypassing WAF defenses to prevent false negatives. They highlight that it is possible to ... July 27, 2024
The tweet mentions the inefficiency of WAFs for ethical hackers testing applications. It highlights the challenge of distinguishing between testing th ... July 27, 2024
The tweet mentions bypassing the CDN/WAF by going directly to the load balancer or webserver, which is a technique to avoid the protection offered by ... July 27, 2024
The tweet mentions a bypass for XSS attacks by skipping the Web Application Firewall (WAF). The payload 'skip the waf and explode your xss' ... July 26, 2024
The tweet discusses a method to bypass a WAF by finding the origin IP. This technique can be useful in bypassing various types of WAFs. It is recommen ... July 26, 2024
A Cloudflare WAF Bypass for XSS vulnerability has been discovered. The payload used is "><img src=x onerrora=confirm() onerror=conf ... July 26, 2024
A potential information disclosure vulnerability has been identified in Cloudflare's WAF, allowing attackers to bypass the protection and reveal ... July 26, 2024
When Cloudflare WAF allows execution of JavaScript, it can be bypassed 100% using XSS. This bypass can potentially lead to serious security vulnerabil ... July 25, 2024
The tweet talks about leveraging Unicode Compatibility to bypass WAFs when crafting XSS payloads. The article by @leonishan_ provides insights on this ... July 25, 2024
XSS without parentheses bypass technique allows an attacker to define variables within the JavaScript context, such as event handlers or the javascrip ... July 25, 2024
A new Remote Code Execution (RCE) bypass for Cloudflare WAF has been discovered. The bypass payload %3Csvg+onload%3Dalert(1)%3E can execute arbitrary ... July 25, 2024
The tweet mentions a bypass for GoedgeCDN WAF using a C language program for better tunneling. This bypass allows for stronger tunneling effects with ... July 25, 2024