Leveraging the power and versatility of Cloudflare's Ruleset Engine, Waiting Room now offers customers more fine-tuned control over what traffic a wai ...January 19, 2023
Recently, news and research about #WAF bypass technique using JSON-based SQL syntax are making rounds in the interwebs. Arvin Fopalan shares Mitigatin ...January 19, 2023
A rather cleverly named vulnerability allowing JSON-based SQL to bypass a WAF — more details on {JS-ON: Security-OFF} here:
https://t.co/pBYQRj61hZ ...January 18, 2023
Bug Bounty Cheatsheet
Try the Full-Width version of the commonly used symbols for XSS/WAF/SQL filter bypass.
?? - %EF%BC%9C (\uff1c)
?? - %EF%BC%9E ...January 17, 2023
Bug Bounty Hint
Try the Full-Width version of the commonly used symbols for XSS/WAF/SQL filter bypass.
?? - %EF%BC%9C (\uff1c)
?? - %EF%BC%9E (\uff ...January 17, 2023
Did you know to check for SQL injection vulnerabilities in XML input?
We can even obfuscate our payload with XML entities to bypass WAF protections ...January 16, 2023
Bug Bounty Hint
Try the Full-Width version of the commonly used symbols for XSS/WAF/SQL filter bypass.
?? - %EF%BC%9C (\uff1c)
?? - %EF%BC%9E (\uff ...January 16, 2023
Hello @Cloudflare why are you forcing me to enable two-factor authentication? I don't want to enable two-factor authentication. I am not able to login ...January 15, 2023
RATS stealing secrets
"Six malicious packages on PyPI, the Python Package Index, were found installing information-stealing and RAT (remote access tr ...January 13, 2023
CVE-2022-3656 affecting #Google Chrome allowed a remote attacker to bypass file system restrictions via a crafted HTML page.
https://t.co/Nqrmv7OteE
...January 13, 2023
Day 6 of #100DaysOfHacking
1. New tool release: Discovering the origin host to bypass web application firewalls:- https://t.co/KX4SIwXXPD
2. Solved M ...January 13, 2023
Reviewing @owasp SQL Injection WAF Bypass page - https://t.co/qEMhsM57g6. What WAFs actually attempt to "sanitize" or replace malicious content from p ...January 6, 2023