An XSS WAF bypass was discovered using the payload <svg/onload=alert/*1337*/(1)>, where comments were inserted between the JS function and its parameters. ...June 23, 2024
The tweet mentions the prevalence of XSS WAF bypass payloads on social media platforms. It highlights that often neither the poster nor the 'like ...June 23, 2024
A funny WAF bypass was discovered by @coffinxp7. The payload used is <details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle="prom ...June 23, 2024
The tweet mentions that just by setting the WAF, it can be bypassed, affecting not only immigration services but almost all government services placed ...June 23, 2024
The tweet suggests that the WAF (Web Application Firewall) may have been bypassed by the attacker, leading to security issues and blaming the confusio ...June 23, 2024
The tweet describes a bypass for XSS WAF with limits using a payload 'parent[/al/.source+/ert/.source](1)'. This payload bypasses the ' ...June 22, 2024
Roohaa_n provides valuable insights on a SQL Injection WAF bypass using the payload ' OR 1=1 --. This bypass affects various WAF vendors and show ...June 22, 2024
A new XSS WAF bypass technique has been discovered using multi-char HTML entities. The payload includes the following translations:
&fjlig; t ...June 21, 2024
The tweet mentions XSS bypass payloads for CloudFlare, Imperva, and Akamai WAFs. The payloads include <Img Src=OnXSS OnError=alert(1)> for Cloud ...June 21, 2024
There are multiple XSS bypass payloads provided in the tweet to bypass a WAF blocking the 'alert' keyword. These payloads can trick the WAF ...June 21, 2024
An XSS WAF bypass technique using multi-char HTML entities has been shared in this tweet. The payload includes HTML entities like &fjlig; whic ...June 21, 2024
The tweet mentions a filter bypass using the message 'Next week is https://t.co/VnOqGJ6wnW !'. This could potentially bypass various WAFs. S ...June 21, 2024
A bug bounty tip suggests using the HTML-encoded backquote (`) symbol to bypass XSS WAF restrictions in HTML events. The payload includes &grave; an ...June 20, 2024
A tweet shared a clever XSS WAF bypass technique using obfuscated payloads. The payloads obfuscate the 'alert' function to evade detection. ...June 20, 2024
A WAF bypass technique was discovered where the request bypasses the WAF, allowing the payload to be set as a cookie without detection. This can lead ...June 19, 2024
The tweet discusses Cross-Site Scripting via Web Cache Poisoning and WAF bypass. The blog post provides insights on how to exploit this vulnerability ...June 19, 2024
A bypass payload for XSS targeting CloudFlare WAF (specifically when security level is high) was shared in the tweet. The payload is: javascript:windo ...June 18, 2024
The tweet mentions a bypass of Cloudflare's WAF using Java dynamic loading features to implement a bypass of JSP webshells. This vulnerability al ...June 18, 2024
The tweet mentions a blog post about SQLi WAF Bypass Techniques using Time-Based Attacks. It is recommended to check the blog post for detailed techni ...June 18, 2024
The tweet mentioned a WAF bypass with the payload 'test1'. The vendor of the WAF is unknown. More details are needed to analyze further.
htt ...June 18, 2024
A WAF bypass for Cross-Site Scripting via Web Cache Poisoning was discovered. This bypass technique can exploit vulnerabilities in the web cache to in ...June 18, 2024
A web cache poisoning to XSS vulnerability was discovered on a bug bounty program. Check out the write-up at the provided link for more details. #bugb ...June 18, 2024
The tweet mentions an XSS vulnerability found in a Turkish clothing brand's website and a WAF bypass method. The details of the bypass method were ...June 18, 2024
The blog post by @ott3rly discusses SQLi WAF Bypass Techniques using Time-Based Attacks. It provides insights and techniques for bypassing WAF protect ...June 18, 2024
A bounty of 70+19 dollars is being offered for a WAF Bypass with Direct Server Access by the Origin IP. This bypass targets all types of vulnerabiliti ...June 16, 2024
The tweet mentions a Cross-site Scripting (XSS) vulnerability that was reported via the YesWeHack platform. The specific type of XSS mentioned is Reflecte ...June 15, 2024
The tweet mentions a handy tool to bypass 403 Forbidden responses developed by nomore403. This tool could be used to bypass WAF restrictions and acces ...June 15, 2024
The tweet indicates the user's interest in learning about XSS and bypassing WAF. They mentioned learning HTML, CSS, and planning to learn JS for ...June 14, 2024