This tweet discusses bypassing source check on postMessage to achieve XSS. It highlights a method to bypass security checks in order to execute a cros ...April 18, 2025
This tweet discusses SQL injection as a vulnerability that requires knowledge of SQL. It mentions that the WAF blocks payloads, so bypass techniques n ...April 18, 2025
The tweet mentions finding a vulnerable endpoint multiple times, but the payload being blocked by the WAF. It highlights the challenge of bypassing th ...April 18, 2025
The tweet demonstrates real-time bypasses of Cloudflare and ModSecurity using ProxyChains + tamper scripts for SQL Injection. It can be helpful for us ...April 17, 2025
A WAF bypass technique using Sqlmap, Proxychain, and Tamper Scripts to bypass Cloudflare and Modsecurity WAF. This technique allows attackers to explo ...April 17, 2025
A XSS payload in JS context was discovered by @thelilnix for WAF bypass. The payload used is ''.replace.call`1${/.../}${alert}`. This bypass ...April 17, 2025
The tweet mentions working on a WAF bypass video using proxychains. Proxychains is a tool used for proxying connections through different proxies. The ...April 16, 2025
This XSS payload utilizes the replace method in JavaScript to bypass WAF protection. The payload inserts a malicious alert function within the context ...April 16, 2025
A bypass was discovered in Cloudflare WAF that allows for Origin IP Leakage. This vulnerability can potentially expose the IP address of the origin se ...April 16, 2025
The tweet mentions creating a payload for a WAF bypass. It indicates that the user cannot sleep and is preparing a payload to try a WAF bypass tomorro ...April 16, 2025
A vulnerability CVE-2025-31137 has been discovered in React Router, a library providing routing functionality. This vulnerability poses risks such as ...April 16, 2025
A vulnerability (CVE-2025-31137) affecting React Router has been fixed to prevent Web App Cache Pollution and WAF bypass. Detailed technical informati ...April 16, 2025
A stored XSS vulnerability was discovered on a private bug bounty program at HackerOne. The bypass payload used was <Img Src=OnXSS OnError=confirm( ...April 15, 2025
The tweet discusses a WAF Bypass Generator that helps hackers bypass WAFs using XSS, SQLi, and SSRF. This tool provides filtered payloads and bypass t ...April 15, 2025
This tweet mentions a tricky WAF bypass for reflected XSS. Unfortunately, no specific vendor is mentioned. It would be helpful to provide more technic ...April 14, 2025
The tweet describes a successful XSS bypass on Cloudflare's WAF using encoded JS trickery. This bypass showcases the ability to evade Cloudflare& ...April 13, 2025
A stored XSS vulnerability was found on a private bug bounty program on HackerOne. The bypass payload used was '<Img Src=OnXSS OnError=confirm ...April 12, 2025
The tweet mentions using open source tools for project discovery and utilizing AI for detecting vulnerabilities, specifically WAF bypass. It highlight ...April 12, 2025
The tweet mentions a potential WAF bypass or load balancer bypass depending on the context. The payload used is '/load balancer bypass'. Fur ...April 12, 2025
A new BurpSuite extension has been released that rotates the user agent with every request to bypass WAFs that block users based on User Agent. This s ...April 12, 2025
The bypass tool enables bypassing security restrictions through HTTPS/TLS, making it easier to bypass IDS/IPS and WAF, as well as restrictions imposed ...April 11, 2025
The tweet suggests using SQLMap with the -tamper flag to bypass the WAF for bug bounty or penetration testing purposes. This technique is commonly use ...April 11, 2025
The user mentioned using Burp Suite MCP Server with Claude Desktop for WAF bypass testing. This combination proved to be effective in providing WAF by ...April 10, 2025
This is an XSS bypass for Imperva WAF. The payload used is '><input type=hidden oncontentvisibilityautostatechange=alert(1) style=c ...April 10, 2025
The tweet mentions a successful bypass of the Bangladesh WAF using a curl command with proxy and SSL ignore options. It suggests hiring a UI developer ...April 10, 2025
The tweet mentions attempts to bypass Imperva WAF using encoded payloads, null bytes, case-swapping, and time-based delays. The user expresses frustra ...April 8, 2025
The tweet suggests using rotating proxies on a VPN for WAF bypass. This approach can help in creating a large pool of IP addresses to evade WAF detect ...April 7, 2025
Using a proxy with multiple IPs in every request can be a more effective option than using a VPN for WAF or rate limit bypass. This method allows for ...April 7, 2025