A Cloudflare XSS WAF bypass was discovered using the payload: ><Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBYU1MgQG1fa2VsZXBjZQ= ... (March 3, 2025)
Cloudflare whitelists their own bots and fetchers in the WAF to bypass captchas. This allows their internal tools to navigate through captchas without ... (March 2, 2025)
A tweet indicating interest in collaborating for escalating XSS attacks and bypassing WAF or CSP restrictions. The provided payload for XSS bypass is ... (February 28, 2025)
The tweet mentions that by prefixing the SQLi payload with JSON syntax, the WAF can be bypassed. This technique can be effective in certain scenarios ... (February 28, 2025)
A command injection bypass was discovered that exploits the WAF by using the payload '`cat /et$()c/pa's'swd`'. This bypass can aff ... (February 28, 2025)
The tweet mentions the frustration of not being able to receive proper support for finding a WAF bypass. It highlights the difficulty in getting a rea ... (February 28, 2025)
This tweet provides a methodology for XSS bug bounty hunting. It includes steps for reconnaissance, identifying injection points in HTML and attribute ... (February 28, 2025)
This tweet mentions a bug fix that didn't entirely fix the XSS vulnerability, leading to a second report. Although it's not specifically a W ... (February 27, 2025)
Wafmap is a tool that includes most bypass techniques for automation. It utilizes lambda algorithms to adapt to WAF behavior. This tool can be used to ... (February 26, 2025)
The tweet mentions a tutorial on bypassing Huawei WAF. The bypass method is not specified in the tweet. Further analysis is needed to determine the sp ... (February 26, 2025)
An XSS bypass technique was identified using the payload 'onerror=alert;throw 123;' which can bypass various WAFs. This payload utilizes the ... (February 25, 2025)
This tweet describes an XSS WAF bypass using the payload '10006630~!~/[redacted]/a/unix/apps/WAS/FileService/files/[redacted]/2023/9/21~!~xss&quo ... (February 24, 2025)
The tweet describes a successful bypass of a WAF using an XSS payload. The attacker was unable to bypass the WAF by extracting the parameter from the U ... (February 23, 2025)
The tweet mentions a WAF bypass XSS challenge from 2013 that included MentalJS and DOMPurify. It states that despite being a decade later, these can s ... (February 21, 2025)
The tweet describes an XSS WAF bypass that escalated to a PII (Personally Identifiable Information) leak and authenticated sensitive requests. This ty ... (February 21, 2025)
The tweet mentions that it is hard to find XSS vulnerabilities unless you can bypass the Web Application Firewall (WAF). The mentioned XSS payload is ... (February 21, 2025)
The tweet mentions a custom XSS payload developed for bypassing Akamai and Cloudflare WAFs. The payload targets XSS vulnerabilities and is aimed at co ... (February 21, 2025)
This method utilizes TOR to rotate IPs during fuzzing, allowing for the bypass of rate limits and avoidance of WAF blocks. It is compatible with tools ... (February 19, 2025)
The tweet suggests using a commercial WAF for better telemetry and protection at scale. It mentions the use of ModSecurity and Fail2Ban for securing a ... (February 18, 2025)
The tweet mentions a WAF bypass related to XSS. It includes references to HackerOne, BugCrowd, and nuclei templates. The post provides a video and a w ... (February 17, 2025)
The tweet mentioned a successful bypass of a WAF to uncover a Reflected XSS vulnerability. The WAF vendor is not specified. It would be interesting to ... (February 17, 2025)
The tweet mentioned WAFs blocking access. If you encounter a WAF blocking you, it could be due to various vulnerabilities. It's important t ... (February 16, 2025)
The tweet by @ZeroDayHunter0 highlights multiple ways to bypass a generic WAF. These include bypassing OTP via brute force without rate limiting, inje ... (February 16, 2025)
Read about SQLi WAF Bypass Techniques using Time-Based Attacks in Ott3rly's Medium post. Learn how to bypass WAF protections and exploit SQL inje ... (February 15, 2025)
The tweet refers to a Medium article titled 'SQLi WAF Bypass Techniques Part 2' by Ott3rly. It discusses advanced techniques for bypassing S ... (February 15, 2025)
The tweet mentions using the Assetnote research on WAF bypass by adding junk data before any payload. This technique is known as 'nowaf' and ... (February 14, 2025)
The tweet discusses SQLi WAF Bypass Techniques using Time-Based Attacks. The credit goes to Ott3rly. The post provides insights into bypassing SQL inj ... (February 14, 2025)
The tweet mentions a cool XSS finding using 2 reflections inside a JS script context to bypass Server-Side Sanitizer, Double quote escaper, and a Stri ... (February 13, 2025)
The tweet mentions a free XSS scanner with bypasses and all payloads. It includes links to Discord and Telegram for invitation requests. The tweet ind ... (February 12, 2025)