The recording of my first #ModSecurity @Coreruleset webcast is now online. Featuring a cunning body parser bypass by @terjanq, ModSec security release ...September 22, 2022
π¨ NEW: CVE-2022-39958 π¨ The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and und ...September 21, 2022
π¨ NEW: CVE-2022-39957 π¨ The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept heade ...September 21, 2022
CVE-2022-39957
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field contai ...September 20, 2022
CVE-2022-39958
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sect ...September 20, 2022
π¨ NEW: CVE-2022-39958 π¨ The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and und ...September 20, 2022
CVE-2022-39957 The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field contain ...September 20, 2022
CVE-2022-39958 The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable secti ...September 20, 2022
CVE-2022-39957 The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field contain ...September 20, 2022
CVE-2022-39958 The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable secti ...September 20, 2022
π¨ NEW: CVE-2022-39958 π¨ The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and und ...September 20, 2022
π¨ NEW: CVE-2022-39957 π¨ The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept heade ...September 20, 2022
CVE-2022-39958 : The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sec ...September 20, 2022
CVE-2022-39957 : The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field conta ...September 20, 2022
CVE-2020-22669 Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment ...September 2, 2022
CVE-2020-22669 : Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 has a SQL injection bypass vulnerability. Attackers can use the comme ...September 2, 2022
WAFs could suffer from many weaknesses in their detection techniques.
Few useful WAF bypass tricks from @s0md3v's awesome writeup on bypassing ModSec ...August 30, 2022
Here's my write-up for @intigriti x @ModSecurity hacking event.
The blog highlights my thought process behind finding multiple RCE bypasses.
https:/ ...August 29, 2022
OK, here is the #CRS #log4j / #log4shell #WAF Bypass contest.
We don't know of any jndi/ctx log4j payload that we don't detect. Show us your evasions ...December 16, 2021
The dangers of relying on just WAFs.
Bypassing them has been something we've done since the dawn of time. During my time with ModSecurity, it was as ...December 14, 2021
π¨ NEW: CVE-2021-35368 π¨ OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request ...November 9, 2021