Web Application Firewall (WAF) Evasion Techniques #3

Web Application Firewall (WAF) Evasion Techniques #3
2019-1-7 00:37:6 Author: medium.com(查看原文) 阅读量:9 收藏

This article explores how to use an uninitialized Bash variable to bypass WAF regular expression based filters and pattern matching. Let’s see how it can be done on CloudFlare WAF and ModSecurity OWASP CRS3.

1 min read

Jan 6, 2019

--

Read the full article here:

Web Application Firewall (WAF) Evasion Techniques #3

This article explores how to use an uninitialized Bash variable to bypass WAF regular expression based filters and…

www.secjuice.com

Infosec

Cybersecurity

Exploit

Firewall

Web

Written by theMiddle

Security Researcher

More from theMiddle

theMiddle

in

secjuice™

PHP SSRF Techniques

How to bypass filter_var(), preg_match() and parse_url()

7 min readMar 1, 2018

--

8

theMiddle

in

secjuice™

Web Application Firewall (WAF) Evasion Techniques

I can read your passwd file with: “/???/??t /???/??ss??”. Having fun with Sucuri WAF, ModSecurity, Paranoia Level and more…

9 min readDec 8, 2017

--

3

theMiddle

in

secjuice™

Web Application Firewall (WAF) Evasion Techniques #2

String concatenation in a Remote Command Execution payload makes you able to bypass firewall rules (Sucuri, ModSecurity)

9 min readJan 3, 2018

--

6

theMiddle

in

secjuice™

Detecting human users: Is there a way to block enumeration, fuzz or web scan?

No, you won’t be able to totally block them, but you would be surprised how stupid some bots are! Nginx + Lua FTW.

9 min readDec 27, 2017

--

See all from theMiddle

Recommended from Medium

Keijo Korte

Traefik proxy with Web Application Firewall (WAF)

Traefik proxy is a versatile and very lightweight cloud-native application gateway / load balancer that integrates really well with Docker…

4 min readJun 5

--

Salman Khan

$1,250 worth of Host Header Injection

What is Host Header Injection?

4 min read4 days ago

--

6

Lists

Stories to Help You Grow as a Software Developer

19 stories414 saves

New_Reading_List

174 stories124 saves

Staff Picks

457 stories305 saves

Chirag Agrawal

in

InfoSec Write-ups

22.6k+ GitHub Stars Note-Taking App Hit by XSS Vulnerability

CVE-2023–3067: Stored Cross Site Scripting Vulnerability on renowned note-taking thick client app Trillium

2 min readSep 17

--

ZenRows

How to Bypass Cloudflare in 2023: The 8 Best Methods

About 1/5 of websites you need to scrape use Cloudflare, a hardcore anti-bot protection system that gets you blocked easily. So what can…

31 min readApr 10

--

theUnixe

5 Ways I Bypassed Your Web Application Firewall(WAF)

Introduction

7 min readJun 20

--

2

Habib Ullah

Exploited SQL injection vulnerability through cookie parameters

First of all this is my first blog so if you want to give me any suggestion so you can contact me on LinkedIn .

2 min readApr 20

--

See more recommendations

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech

Teams

文章来源: https://medium.com/@themiddleblue/web-application-firewall-waf-evasion-techniques-3-1a9b437ecc77?source=rss-638c6a6ed4ad------2
如有侵权请联系:admin#unsafe.sh