@waf_bypass has discovered an awesome #XXE #WAF #bypass technique using UTF7 encoding! 🤓😎 Check it out and give it a try: https://t.co/Aa5qCxJPs ...June 3, 2023
@waf_bypass has a 🤔 - how to upload an XXE payload & bypass Cloudflare WAF? 🧐 Kxddah is 🤯 trying to find a 💡 - any clues? 🤔 #infosec #h ...April 10, 2023
@waf_bypass has a 🤔 - how can you upload an XXE payload & bypass Cloudflare WAF? 🧐 Kxddah is 🤯 looking for 💡 - any ideas? 🤔 #infosec #h ...April 10, 2023
@waf_bypass has a 🤔 - how can you upload an XXE payload & bypass Cloudflare WAF? Kxddah is 🧐 for 💡 - any ideas? 🤔 #infosec #hacking #secur ...April 10, 2023
@waf_bypass has a question: How can you upload an XXE payload and bypass Cloudflare WAF? 🤔 It's a tricky one! 🤯 Any ideas? 🤔 #infosec Kxddah ...April 10, 2023
@Kxddah has a question: How can one upload an XXE payload and bypass Cloudflare WAF? 🤔 This could be a tough one! 🤯 Any ideas? 🤔 #infosec ...April 10, 2023
In this post, I will explain how I found a Blind XXE injection on PDF Generator that was vulnerable to CVE-2019-12154. However, in order to exfilftrat ...September 13, 2022
You can bypass Akamai WAF's XXE filters by HTML encoding the SYSTEM entity within a payload like this:
<!DOCTYPE foo [<!ENTITY % a "< ...June 11, 2022
You can bypass XXE restrictions on some WAF for SSRF and file read by using a space before the protocol:
“ http://“
“ file://“
#bugbountytip ...February 21, 2021
Here's another writeup for a task I authored with @makelarisjr for @hackthebox_eu x UNI #CTF Quals.
🧇 WAFfles Order consists of insecure deseria ...February 5, 2021
Day 135 & 136 of #100DaysOfCode
Focusing more on #infosec than #webdev.
Tried some things with xxe and found a really cool bypass to WAF through ...December 31, 2020
I added a method to bypass a WAF from XXE now on PayloadsAllTheThings
https://t.co/mFnOeV8Orl…
XXE WAF Bypass payload:
https://t.co/mFnOeV8Orl…
...December 4, 2020