Archive

WAF bypass by shakedko

The tweet does not provide enough information to analyze the WAF bypass. More details such as the type of vulnerability, bypass payload, and WAF vendo ... March 28, 2024

WAF bypass by cysky0x1

No details provided in the tweet to analyze the WAF bypass. Please provide more information for analysis. Original tweet: https://twitter.com/cysky0x1 ... March 28, 2024

WAF bypass by kartikpatel_99

A blog post will be made with the following details: Vendor: Shadow Demon WAF, Type of Bypass: XSS, Bypass Payload: <img March 28, 2024

WAF bypass by cysky0x1

A bypass for a 403 Forbidden error on a subdomain was found using the x-forwarded-host Header. This bypass trick allows the WAF to be bypassed in a co ... March 28, 2024

WAF bypass by sapienshack

An XSS validation bypass was discovered when the application blocks parenthesis. The payload used for the bypass is " ><i ... March 28, 2024

WAF bypass by wismbuhcuk

The tweet mentions a WAF bypass for Cloudflare. Unfortunately, the tweet does not provide details about the specific vulnerability or the bypass paylo ... March 28, 2024

WAF bypass by ElonVsKalki

A new WAF bypass technique has been discovered for Akamai's Kona Site Defender. The bypass payload used is 'kona site defender'. This vulnerability af ... March 28, 2024

WAF bypass by lohigowda_in

A tweet has revealed a WAF bypass technique using the origin IP. By utilizing Shodan, attackers can discover the origin IP and use it to bypass the WA ... March 28, 2024

WAF bypass by ved4vyasan

The tweet suggests that the third WAF mentioned may be outdated due to new WAF and bypass methods. However, upon reading the payload file, it seems to ... March 28, 2024

WAF bypass by sirifu4k1

UTF-8 Overlong Encoding Payload can be used to bypass WAF protection. This payload contains different byte sequences (%C0%AE, %E0%80%AE, %F0%80%80%AE) ... March 28, 2024

WAF bypass by NtwariJamess

A tweet mentions encountering a FortiWeb WAF screen but unable to bypass it. Crafted payloads can be used for FortiWeb WAF bypass. It would be helpful ... March 28, 2024

WAF bypass by RootMoksha

A Cloudflare WAF bypass has been discovered that leads to reflected XSS. The bypass payloads used were "><img src=x onerror=alert(1)>" and "& ... March 28, 2024

WAF bypass by Bug_X_hunter

The tweet discusses the manual exploitation of Blind SQL Injection with a mod_waf bypass. The author, @mohit29295572, provides a writeup on the topic. ... March 28, 2024

WAF bypass by eagle_0408

When hunting for SQLi, bypassing WAF filters, blacklists, and length limits is crucial. One common payload used is 'OR 1=1--. This bypasses WAF restri ... March 28, 2024

WAF bypass by inzo____

A bypass technique for Akamai WAF using the 'akamai dm' payload has been shared privately. This technique allows bypassing Akamai WAF protection. It i ... March 28, 2024

WAF bypass by r00tSid

The tweet mentions an Information Leakage vulnerability where the origin IP of a domain was leaked, and the Cloudflare WAF was bypassed. This could po ... March 28, 2024

WAF bypass by r00tSid

The tweet highlights a data leakage vulnerability where the origin IP of a domain protected by Cloudflare WAF was exposed. The bypass involved in leak ... March 28, 2024

WAF bypass by JoeSchottman

The tweet highlights the risk of assuming an application is secure without proper testing, leading to a potential WAF bypass or misconfiguration. It e ... March 28, 2024

WAF bypass by Arourmohamed01

Cloudfront WAF can be bypassed for stored XSS using the payload ,. The WAF is blocking alert(), pro ... March 28, 2024

WAF bypass by Arourmohamed01

A bypass for Cloudfront WAF for stored XSS was shared on Twitter. The only working payload is '<img src=x onerror="">,<a href=https://google( ... March 28, 2024

WAF bypass by WEBOUNCER_

Cloudflare's Cloudfront WAF has a bypass vulnerability that can be exploited. The security of the WAF is not robust enough to prevent this bypass. Sta ... February 21, 2024

WAF bypass by Dghost_Ninja

The tweet mentions a successful bypass of a Web Application Firewall (WAF) for Nigerian sites, specifically for Reflected Cross-Site Scripting (RXSS) ... February 19, 2024

WAF bypass by HexBuddy18

The tweet mentions an excellent article for WAF bypass with sqlmap, indicating a SQL Injection vulnerability. SQLmap is a popular tool for automating ... February 19, 2024

WAF bypass by thebinarybot

ffuf tool can be used to experiment with payloads for bypassing Web Application Firewalls. Here is an example command: ```ffuf -w payloads.txt -u http ... February 19, 2024

WAF bypass by nemesida_waf

The tweet mentions that a new bypass has been added to a WAF Bypass Tool. This tool can potentially bypass various Web Application Firewalls for multi ... February 18, 2024

WAF bypass by SVR_JS

The WAF successfully blocked a path traversal bypass attempt, resulting in a 403 Forbidden code. The specific WAF vendor is unknown, but it demonstrat ... February 18, 2024

WAF bypass by rekdt

EC2 instances in the 'Public' zone acting as web servers should still be considered risky despite being behind a load balancer. An attacker could pote ... February 18, 2024

WAF bypass by securitynl

A bug in ModSecurity allows for a WAF bypass. This vulnerability affects all types of vulnerabilities that ModSecurity is meant to protect against. Th ... February 6, 2024

WAF bypass by RootMoksha

A bypass technique for the Cloudflare WAF was discovered, allowing for XSS attacks without the use of parentheses. The payload used is 'javascript:var ... February 5, 2024

WAF bypass by ksg93rd

ModSecurity v3 is vulnerable to a WAF bypass vulnerability (CVE-2024-1019). This vulnerability allows an attacker to bypass the WAF protection provide ... February 2, 2024