FEED Validator

for Atom and RSS and KML

Congratulations!

This is a valid RSS feed.

Recommendations

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

line 82, column 0: content:encoded should not contain data-width attribute (7 occurrences) [help]
```
<blockquote class="twitter-tweet" data-width="550" data-dnt="true">
```
line 82, column 0: content:encoded should not contain data-dnt attribute (7 occurrences) [help]
```
<blockquote class="twitter-tweet" data-width="550" data-dnt="true">
```
line 85, column 0: content:encoded should not contain script tag (7 occurrences) [help]
```
<script async src="https://platform.twitter.com/widgets.js" charset="utf- ...
```

Source: https://waf-bypass.com/feed/

<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>Web application firewalls bypasses collection and testing tools</title>
<atom:link href="https://waf-bypass.com/feed/" rel="self" type="application/rss+xml" />
<link>https://waf-bypass.com</link>
<description>How to test, evaluate, compare, and bypass web application and API security solutions like WAF, NGWAF, RASP, and WAAP</description>
<lastBuildDate>Fri, 11 Apr 2025 06:00:03 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>
hourly </sy:updatePeriod>
<sy:updateFrequency>
1 </sy:updateFrequency>
<generator>https://wordpress.org/?v=6.7.2</generator>
<image>
<url>https://waf-bypass.com/wp-content/uploads/2021/11/cropped-favicon-1-1-32x32.png</url>
<title>Web application firewalls bypasses collection and testing tools</title>
<link>https://waf-bypass.com</link>
<width>32</width>
<height>32</height>
</image>
<item>
<title>WAF bypass by GREENARM0R</title>
<link>https://waf-bypass.com/2025/04/11/waf-bypass-by-greenarm0r/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-greenarm0r</link>
<comments>https://waf-bypass.com/2025/04/11/waf-bypass-by-greenarm0r/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Fri, 11 Apr 2025 06:00:03 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/11/waf-bypass-by-greenarm0r/</guid>
<description><![CDATA[The bypass tool enables bypassing security restrictions through HTTPS/TLS, making it easier to bypass IDS/IPS and WAF, as well as restrictions imposed on the firewall. Additionally, it supports SOCKS5 and TUN, with SOCKS5 being ideal for routing tools like proxychains, Burp Suite, or your browser through the tunnel. Check out the original tweet here: https://twitter.com/GREENARM0R/status/1910326158425473514]]></description>
<content:encoded><![CDATA[The bypass tool enables bypassing security restrictions through HTTPS/TLS, making it easier to bypass IDS/IPS and WAF, as well as restrictions imposed on the firewall. Additionally, it supports SOCKS5 and TUN, with SOCKS5 being ideal for routing tools like proxychains, Burp Suite, or your browser through the tunnel. 
Check out the original tweet here: https://twitter.com/GREENARM0R/status/1910326158425473514
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/11/waf-bypass-by-greenarm0r/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by KirollosBotros1</title>
<link>https://waf-bypass.com/2025/04/11/waf-bypass-by-kirollosbotros1/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-kirollosbotros1</link>
<comments>https://waf-bypass.com/2025/04/11/waf-bypass-by-kirollosbotros1/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Fri, 11 Apr 2025 05:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/11/waf-bypass-by-kirollosbotros1/</guid>
<description><![CDATA[The tweet suggests using SQLMap with the -tamper flag to bypass the WAF for bug bounty or penetration testing purposes. This technique is commonly used for SQL injection vulnerabilities. It is important to note that bypassing a WAF without proper authorization may be against ethical guidelines. It is recommended to report any vulnerabilities responsibly to […]]]></description>
<content:encoded><![CDATA[The tweet suggests using SQLMap with the -tamper flag to bypass the WAF for bug bounty or penetration testing purposes. This technique is commonly used for SQL injection vulnerabilities. It is important to note that bypassing a WAF without proper authorization may be against ethical guidelines. It is recommended to report any vulnerabilities responsibly to the appropriate parties. 
For more insights, check out the original tweet here: https://twitter.com/KirollosBotros1/status/1910499076178928105. And don’t forget to follow @KirollosBotros1 for more exciting updates in the world of cybersecurity.
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/11/waf-bypass-by-kirollosbotros1/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by AadityaPatil_</title>
<link>https://waf-bypass.com/2025/04/10/waf-bypass-by-aadityapatil_/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-aadityapatil_</link>
<comments>https://waf-bypass.com/2025/04/10/waf-bypass-by-aadityapatil_/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Thu, 10 Apr 2025 07:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/10/waf-bypass-by-aadityapatil_/</guid>
<description><![CDATA[The user mentioned using Burp Suite MCP Server with Claude Desktop for WAF bypass testing. This combination proved to be effective in providing WAF bypass requests directly in Repeater without extra work. This toolset can be super helpful for quickly testing different payloads during pentesting activities. #CyberSecurity #BugBounty #WAFBypass Just tried out Burp Suite MCP […]]]></description>
<content:encoded><![CDATA[The user mentioned using Burp Suite MCP Server with Claude Desktop for WAF bypass testing. This combination proved to be effective in providing WAF bypass requests directly in Repeater without extra work. This toolset can be super helpful for quickly testing different payloads during pentesting activities. #CyberSecurity #BugBounty #WAFBypass
<blockquote class="twitter-tweet" data-width="550" data-dnt="true">
Just tried out Burp Suite MCP Server with Claude Desktop today, and it worked really well. It gave me WAF bypass requests directly in Repeaterno extra work needed. Super helpful for quickly testing different payloads during pentesting <a href="https://twitter.com/hashtag/CyberSecurity?src=hash&ref_src=twsrc%5Etfw">#CyberSecurity</a> <a href="https://twitter.com/hashtag/BugBounty?src=hash&ref_src=twsrc%5Etfw">#BugBounty</a> <a href="https://twitter.com/hashtag/BurpSuite?src=hash&ref_src=twsrc%5Etfw">#BurpSuite</a> <a href="https://twitter.com/hashtag/Claude?src=hash&ref_src=twsrc%5Etfw">#Claude</a>
— Aditya Patil (@AadityaPatil_) <a href="https://twitter.com/AadityaPatil_/status/1909901256681807955?ref_src=twsrc%5Etfw">April 9, 2025</a></blockquote>
<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/10/waf-bypass-by-aadityapatil_/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by Nicatabb</title>
<link>https://waf-bypass.com/2025/04/10/waf-bypass-by-nicatabb/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-nicatabb</link>
<comments>https://waf-bypass.com/2025/04/10/waf-bypass-by-nicatabb/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Thu, 10 Apr 2025 06:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/10/waf-bypass-by-nicatabb/</guid>
<description><![CDATA[This is an XSS bypass for Imperva WAF. The payload used is '&gt;&lt;input type=hidden oncontentvisibilityautostatechange=alert(1) style=content-visibility:auto&gt;'. Details of the bypass: The payload exploits the oncontentvisibilityautostatechange attribute to trigger an alert(1) function, allowing an attacker to execute arbitrary JavaScript code. For more technical details, visit the blog post. Check out the original tweet here: https://twitter.com/Nicatabb/status/1909959990778962096]]></description>
<content:encoded><![CDATA[This is an XSS bypass for Imperva WAF. The payload used is '&gt;&lt;input type=hidden oncontentvisibilityautostatechange=alert(1) style=content-visibility:auto&gt;'. Details of the bypass: The payload exploits the oncontentvisibilityautostatechange attribute to trigger an alert(1) function, allowing an attacker to execute arbitrary JavaScript code. For more technical details, visit the blog post. 
Check out the original tweet here: https://twitter.com/Nicatabb/status/1909959990778962096
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/10/waf-bypass-by-nicatabb/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by mossad_inside</title>
<link>https://waf-bypass.com/2025/04/10/waf-bypass-by-mossad_inside/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-mossad_inside</link>
<comments>https://waf-bypass.com/2025/04/10/waf-bypass-by-mossad_inside/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Thu, 10 Apr 2025 05:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/10/waf-bypass-by-mossad_inside/</guid>
<description><![CDATA[The tweet mentions a successful bypass of the Bangladesh WAF using a curl command with proxy and SSL ignore options. It suggests hiring a UI developer for the website. A blog post can detail the process of the bypass, the implications for the security of the website, and recommendations for securing the WAF against such […]]]></description>
<content:encoded><![CDATA[The tweet mentions a successful bypass of the Bangladesh WAF using a curl command with proxy and SSL ignore options. It suggests hiring a UI developer for the website. A blog post can detail the process of the bypass, the implications for the security of the website, and recommendations for securing the WAF against such bypasses. 
For more insights, check out the original tweet here: https://twitter.com/mossad_inside/status/1910159504269865020
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/10/waf-bypass-by-mossad_inside/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by gillzzey</title>
<link>https://waf-bypass.com/2025/04/09/waf-bypass-by-gillzzey/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-gillzzey</link>
<comments>https://waf-bypass.com/2025/04/09/waf-bypass-by-gillzzey/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Wed, 09 Apr 2025 05:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/09/waf-bypass-by-gillzzey/</guid>
<description><![CDATA[This tweet highlights multiple XSS vulnerabilities and bypass techniques, including PostMessage Source Check Bypass, Parameter Smuggling, WAF Bypass via Hash Tricks, hostname validation bypass using dot trailing, and UserWay XSS via QuerySelector Injection. These techniques can circumvent various web application firewalls. A detailed blog post with technical details is recommended. For more insights, check out […]]]></description>
<content:encoded><![CDATA[This tweet highlights multiple XSS vulnerabilities and bypass techniques, including PostMessage Source Check Bypass, Parameter Smuggling, WAF Bypass via Hash Tricks, hostname validation bypass using dot trailing, and UserWay XSS via QuerySelector Injection. These techniques can circumvent various web application firewalls. A detailed blog post with technical details is recommended. 
For more insights, check out the original tweet here: https://twitter.com/gillzzey/status/1909604181549498582. And don’t forget to follow @gillzzey for more exciting updates in the world of cybersecurity.
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/09/waf-bypass-by-gillzzey/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by nullret</title>
<link>https://waf-bypass.com/2025/04/08/waf-bypass-by-nullret/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-nullret</link>
<comments>https://waf-bypass.com/2025/04/08/waf-bypass-by-nullret/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Tue, 08 Apr 2025 05:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/08/waf-bypass-by-nullret/</guid>
<description><![CDATA[The tweet mentions attempts to bypass Imperva WAF using encoded payloads, null bytes, case-swapping, and time-based delays. The user expresses frustration as the WAF remains resilient. This showcases the challenges faced in bypassing Imperva WAF's security measures. It would be interesting to explore the specific techniques used and the reasons for their failure in a […]]]></description>
<content:encoded><![CDATA[The tweet mentions attempts to bypass Imperva WAF using encoded payloads, null bytes, case-swapping, and time-based delays. The user expresses frustration as the WAF remains resilient. This showcases the challenges faced in bypassing Imperva WAF's security measures. It would be interesting to explore the specific techniques used and the reasons for their failure in a blog post, highlighting the robustness of Imperva's security technology. 
For more insights, check out the original tweet here: https://twitter.com/nullret/status/1909378176079614104. And don’t forget to follow @nullret for more exciting updates in the world of cybersecurity.
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/08/waf-bypass-by-nullret/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by Allan_K_R</title>
<link>https://waf-bypass.com/2025/04/07/waf-bypass-by-allan_k_r/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-allan_k_r</link>
<comments>https://waf-bypass.com/2025/04/07/waf-bypass-by-allan_k_r/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Mon, 07 Apr 2025 07:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/07/waf-bypass-by-allan_k_r/</guid>
<description><![CDATA[The tweet suggests using rotating proxies on a VPN for WAF bypass. This approach can help in creating a large pool of IP addresses to evade WAF detection. Running the tool on a VPS can handle the huge workload efficiently. However, it's important to note that using rotating proxies for WAF bypass may have legal […]]]></description>
<content:encoded><![CDATA[The tweet suggests using rotating proxies on a VPN for WAF bypass. This approach can help in creating a large pool of IP addresses to evade WAF detection. Running the tool on a VPS can handle the huge workload efficiently. However, it's important to note that using rotating proxies for WAF bypass may have legal and ethical implications, so use it responsibly. 
For more details, check out the original tweet here: https://twitter.com/Allan_K_R/status/1908877834698842245
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/07/waf-bypass-by-allan_k_r/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by coffinxp7</title>
<link>https://waf-bypass.com/2025/04/07/waf-bypass-by-coffinxp7-38/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-coffinxp7-38</link>
<comments>https://waf-bypass.com/2025/04/07/waf-bypass-by-coffinxp7-38/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Mon, 07 Apr 2025 06:00:03 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/07/waf-bypass-by-coffinxp7-38/</guid>
<description><![CDATA[Using a proxy with multiple IPs in every request can be a more effective option than using a VPN for WAF or rate limit bypass. This method allows for bypassing rate limits by sending requests from different IP addresses. Consider this approach for enhancing your bypass techniques. Check out the original tweet here: https://twitter.com/coffinxp7/status/1908878532324835382]]></description>
<content:encoded><![CDATA[Using a proxy with multiple IPs in every request can be a more effective option than using a VPN for WAF or rate limit bypass. This method allows for bypassing rate limits by sending requests from different IP addresses. Consider this approach for enhancing your bypass techniques. 
Check out the original tweet here: https://twitter.com/coffinxp7/status/1908878532324835382
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/07/waf-bypass-by-coffinxp7-38/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by iampopg</title>
<link>https://waf-bypass.com/2025/04/07/waf-bypass-by-iampopg-2/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-iampopg-2</link>
<comments>https://waf-bypass.com/2025/04/07/waf-bypass-by-iampopg-2/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Mon, 07 Apr 2025 05:00:07 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/07/waf-bypass-by-iampopg-2/</guid>
<description><![CDATA[The tweet mentions using 'Ghuari' for WAF bypass. Ghuari could be a custom tool or payload used for bypassing Web Application Firewalls. It is important to conduct further analysis to understand its capabilities and effectiveness in bypassing different WAFs. For more insights, check out the original tweet here: https://twitter.com/iampopg/status/1908929279355675028]]></description>
<content:encoded><![CDATA[The tweet mentions using 'Ghuari' for WAF bypass. Ghuari could be a custom tool or payload used for bypassing Web Application Firewalls. It is important to conduct further analysis to understand its capabilities and effectiveness in bypassing different WAFs. 
For more insights, check out the original tweet here: https://twitter.com/iampopg/status/1908929279355675028
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/07/waf-bypass-by-iampopg-2/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by RoxyhunkPush</title>
<link>https://waf-bypass.com/2025/04/06/waf-bypass-by-roxyhunkpush-7/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-roxyhunkpush-7</link>
<comments>https://waf-bypass.com/2025/04/06/waf-bypass-by-roxyhunkpush-7/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Sun, 06 Apr 2025 07:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/06/waf-bypass-by-roxyhunkpush-7/</guid>
<description><![CDATA[The tweet mentions collecting URLs with GF patterns, automating error-based SQL injection using nuclei templates, and manually analyzing databases. It also highlights that 90% of time-based SQL injections are not protected. The tweet concludes by stating that SQLi WAFs are easy to bypass. This tweet emphasizes the prevalence of SQL injection vulnerabilities and the effectiveness […]]]></description>
<content:encoded><![CDATA[The tweet mentions collecting URLs with GF patterns, automating error-based SQL injection using nuclei templates, and manually analyzing databases. It also highlights that 90% of time-based SQL injections are not protected. The tweet concludes by stating that SQLi WAFs are easy to bypass. This tweet emphasizes the prevalence of SQL injection vulnerabilities and the effectiveness of blind boolean SQLi payloads in bypassing SQLi WAFs. This information can be used to raise awareness about the importance of securing against SQL injection attacks.
Original tweet: https://twitter.com/RoxyhunkPush/status/1908570190171808095
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/06/waf-bypass-by-roxyhunkpush-7/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by TheDarkSideOps</title>
<link>https://waf-bypass.com/2025/04/06/waf-bypass-by-thedarksideops/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-thedarksideops</link>
<comments>https://waf-bypass.com/2025/04/06/waf-bypass-by-thedarksideops/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Sun, 06 Apr 2025 06:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/06/waf-bypass-by-thedarksideops/</guid>
<description><![CDATA[A vulnerability in the JSON processing of the backend system allows an attacker to bypass the WAF using unicode obfuscation. By injecting a malicious payload into the PUT request at /api/user/profile, the attacker can trigger a stored XSS attack on /dashboard/profile. This bypass technique exploits the trust placed on JSON fields by the backend system, […]]]></description>
<content:encoded><![CDATA[A vulnerability in the JSON processing of the backend system allows an attacker to bypass the WAF using unicode obfuscation. By injecting a malicious payload into the PUT request at /api/user/profile, the attacker can trigger a stored XSS attack on /dashboard/profile. This bypass technique exploits the trust placed on JSON fields by the backend system, even though client-side sanitization is in place. The WAF evasion technique showcases the importance of thorough input validation and security measures to prevent such attacks.
<blockquote class="twitter-tweet" data-width="550" data-dnt="true">
Inject `{"profile":{"name":"<svg onload=alert(1)>"},"email":"x@x.com"}` into PUT `/api/user/profile` where client-side sanitizes but backend trusts JSON fields. Bypass WAF using unicode obfuscation and trigger stored XSS on `/dashboard/profile`. <a href="https://twitter.com/hashtag/bugbounty?src=hash&ref_src=twsrc%5Etfw">#bugbounty</a> <a href="https://twitter.com/hashtag/hacking?src=hash&ref_src=twsrc%5Etfw">#hacking</a>
— Parth Patel (@TheDarkSideOps) <a href="https://twitter.com/TheDarkSideOps/status/1908570290461786320?ref_src=twsrc%5Etfw">April 5, 2025</a></blockquote>
<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/06/waf-bypass-by-thedarksideops/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by seke4l</title>
<link>https://waf-bypass.com/2025/04/06/waf-bypass-by-seke4l-8/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-seke4l-8</link>
<comments>https://waf-bypass.com/2025/04/06/waf-bypass-by-seke4l-8/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Sun, 06 Apr 2025 05:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/06/waf-bypass-by-seke4l-8/</guid>
<description><![CDATA[A DOM XSS bypass was discovered affecting Akamai WAF. The bypass payload used was 'javascript:window['al'+'er'+(['t','b','c'][0])](origin)'. The attacker utilized the referer header to bypass the WAF and exploit the vulnerability by hosting the payload on their own server. This highlights a security weakness in the Akamai WAF that allows for DOM XSS attacks. #CyberSecurity #BugBounty #pentest […]]]></description>
<content:encoded><![CDATA[A DOM XSS bypass was discovered affecting Akamai WAF. The bypass payload used was 'javascript:window['al'+'er'+(['t','b','c'][0])](origin)'. The attacker utilized the referer header to bypass the WAF and exploit the vulnerability by hosting the payload on their own server. This highlights a security weakness in the Akamai WAF that allows for DOM XSS attacks. #CyberSecurity #BugBounty #pentest
<blockquote class="twitter-tweet" data-width="550" data-dnt="true">
Always look everything: DOM XSS + Akamai Waf Bypass
Payload: javascript:window['al'+'er'+(['t','b','c'][0])](origin)
The url can't open directly, due referer header, so was put a html for exploit to my own server.<a href="https://twitter.com/hashtag/CyberSecurity?src=hash&ref_src=twsrc%5Etfw">#CyberSecurity</a> <a href="https://twitter.com/hashtag/BugBounty?src=hash&ref_src=twsrc%5Etfw">#BugBounty</a> <a href="https://twitter.com/hashtag/pentest?src=hash&ref_src=twsrc%5Etfw">#pentest</a> <a href="https://t.co/5Zbm41paDp">https://t.co/5Zbm41paDp</a>
— Seke4l (@seke4l) <a href="https://twitter.com/seke4l/status/1908596094260433240?ref_src=twsrc%5Etfw">April 5, 2025</a></blockquote>
<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/06/waf-bypass-by-seke4l-8/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by kobi_hk</title>
<link>https://waf-bypass.com/2025/04/05/waf-bypass-by-kobi_hk/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-kobi_hk</link>
<comments>https://waf-bypass.com/2025/04/05/waf-bypass-by-kobi_hk/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Sat, 05 Apr 2025 08:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/05/waf-bypass-by-kobi_hk/</guid>
<description><![CDATA[A DOM XSS bypass was discovered for Akamai WAF. The payload used was 'javascript:window['al'+'er'+(['t','b','c'][0])](origin)'. Due to the referer header restriction, the URL cannot be opened directly, but an HTML exploit was used to send the payload to a server for exploitation. This bypass poses a serious security risk and highlights a vulnerability in Akamai WAF […]]]></description>
<content:encoded><![CDATA[A DOM XSS bypass was discovered for Akamai WAF. The payload used was 'javascript:window['al'+'er'+(['t','b','c'][0])](origin)'. Due to the referer header restriction, the URL cannot be opened directly, but an HTML exploit was used to send the payload to a server for exploitation. This bypass poses a serious security risk and highlights a vulnerability in Akamai WAF that allows an attacker to execute arbitrary JavaScript code on the target website. Security measures need to be implemented to prevent such bypasses in the future.
<blockquote class="twitter-tweet" data-width="550" data-dnt="true">
DOM XSS + Akamai Waf Bypass??
Payload: javascript:window['al'+'er'+(['t','b','c'][0])](origin)
The url can't open directly, due referer header, i put a html for exploit to my own server. <a href="https://t.co/z0skB2CJbE">pic.twitter.com/z0skB2CJbE</a>
— mobin (@kobi_hk) <a href="https://twitter.com/kobi_hk/status/1908090669727375459?ref_src=twsrc%5Etfw">April 4, 2025</a></blockquote>
<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/05/waf-bypass-by-kobi_hk/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by coffinxp7</title>
<link>https://waf-bypass.com/2025/04/05/waf-bypass-by-coffinxp7-37/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-coffinxp7-37</link>
<comments>https://waf-bypass.com/2025/04/05/waf-bypass-by-coffinxp7-37/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Sat, 05 Apr 2025 07:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/05/waf-bypass-by-coffinxp7-37/</guid>
<description><![CDATA[The tweet discusses a WAF bypass using proxychains in SQLMap for SQL Injection vulnerabilities, specifically targeting Cloudflare and ModSecurity. The upcoming video will demonstrate a live bypass on these WAFs. This method is significant as it shows how attackers can circumvent security measures to exploit vulnerabilities. It's crucial for organizations to be aware of such […]]]></description>
<content:encoded><![CDATA[The tweet discusses a WAF bypass using proxychains in SQLMap for SQL Injection vulnerabilities, specifically targeting Cloudflare and ModSecurity. The upcoming video will demonstrate a live bypass on these WAFs. This method is significant as it shows how attackers can circumvent security measures to exploit vulnerabilities. It's crucial for organizations to be aware of such bypass techniques to enhance their cybersecurity defenses. 
For more details, check out the original tweet here: https://twitter.com/coffinxp7/status/1908097762069008716
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/05/waf-bypass-by-coffinxp7-37/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by R4yt3d</title>
<link>https://waf-bypass.com/2025/04/05/waf-bypass-by-r4yt3d/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-r4yt3d</link>
<comments>https://waf-bypass.com/2025/04/05/waf-bypass-by-r4yt3d/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Sat, 05 Apr 2025 06:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/05/waf-bypass-by-r4yt3d/</guid>
<description><![CDATA[A React Router flaw has been identified that exposes web apps to cache poisoning and WAF bypass attacks. The vulnerability affects the React Router, making it susceptible to cache poisoning and bypassing Web Application Firewalls (WAFs). This bypass exploit can potentially enable attackers to evade WAF protections and carry out malicious activities. WAF administrators and […]]]></description>
<content:encoded><![CDATA[A React Router flaw has been identified that exposes web apps to cache poisoning and WAF bypass attacks. The vulnerability affects the React Router, making it susceptible to cache poisoning and bypassing Web Application Firewalls (WAFs). This bypass exploit can potentially enable attackers to evade WAF protections and carry out malicious activities. WAF administrators and developers should be aware of this issue and take necessary steps to mitigate the risk. For more technical details, check out the blog post on this WAF bypass vulnerability.
<blockquote class="twitter-tweet" data-width="550" data-dnt="true">
Cyber Security news I found interesting: React Router Flaw Exposes Web Apps to Cache Poisoning & WAF Bypass Attacks <a href="https://t.co/elxt4hNivW">https://t.co/elxt4hNivW</a><a href="https://twitter.com/hashtag/R4yt3d?src=hash&ref_src=twsrc%5Etfw">#R4yt3d</a>
— Ray (@R4yt3d) <a href="https://twitter.com/R4yt3d/status/1908105971949256882?ref_src=twsrc%5Etfw">April 4, 2025</a></blockquote>
<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/05/waf-bypass-by-r4yt3d/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by coffinxp7</title>
<link>https://waf-bypass.com/2025/04/05/waf-bypass-by-coffinxp7-36/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-coffinxp7-36</link>
<comments>https://waf-bypass.com/2025/04/05/waf-bypass-by-coffinxp7-36/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Sat, 05 Apr 2025 05:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/05/waf-bypass-by-coffinxp7-36/</guid>
<description><![CDATA[The tweet mentions attempting to bypass a WAF that is blocking Akamai SQL Injections. The user expresses interest in trying a website in their free time for bypassing, ensuring it's not a false positive. This could lead to potential WAF evasion techniques that may be risky and unethical. More information is needed to provide a […]]]></description>
<content:encoded><![CDATA[The tweet mentions attempting to bypass a WAF that is blocking Akamai SQL Injections. The user expresses interest in trying a website in their free time for bypassing, ensuring it's not a false positive. This could lead to potential WAF evasion techniques that may be risky and unethical. More information is needed to provide a detailed analysis. 
For more insights, check out the original tweet here: https://twitter.com/coffinxp7/status/1908344232781165046. And don’t forget to follow @coffinxp7 for more exciting updates in the world of cybersecurity.
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/05/waf-bypass-by-coffinxp7-36/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by MachinaRecord</title>
<link>https://waf-bypass.com/2025/04/04/waf-bypass-by-machinarecord/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-machinarecord</link>
<comments>https://waf-bypass.com/2025/04/04/waf-bypass-by-machinarecord/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Fri, 04 Apr 2025 11:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/04/waf-bypass-by-machinarecord/</guid>
<description><![CDATA[A vulnerability in React Router exposes web applications to cache poisoning and WAF bypass attacks. For more technical details, visit https://exampleblog.com/react-router-waf-bypass For more insights, check out the original tweet here: https://twitter.com/MachinaRecord/status/1907657510988976315]]></description>
<content:encoded><![CDATA[A vulnerability in React Router exposes web applications to cache poisoning and WAF bypass attacks. For more technical details, visit https://exampleblog.com/react-router-waf-bypass 
For more insights, check out the original tweet here: https://twitter.com/MachinaRecord/status/1907657510988976315
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/04/waf-bypass-by-machinarecord/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by zoomeye_team</title>
<link>https://waf-bypass.com/2025/04/04/waf-bypass-by-zoomeye_team/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-zoomeye_team</link>
<comments>https://waf-bypass.com/2025/04/04/waf-bypass-by-zoomeye_team/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Fri, 04 Apr 2025 10:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/04/waf-bypass-by-zoomeye_team/</guid>
<description><![CDATA[A vulnerability CVE-2025-31137 in React Router is leaving Remix 2 and React Router 7 apps vulnerable to cache poisoning and WAF bypass attacks. Users running the Express adapter are at risk. For more technical details, visit: https://t.co/Ems1GIh4fL ??The vulnerability details are now available: https://t.co/Ems1GIh4fL ??CVE-2025-31137 (CVSS 7.5): React Router’s latest vuln is leaving Remix 2 […]]]></description>
<content:encoded><![CDATA[A vulnerability CVE-2025-31137 in React Router is leaving Remix 2 and React Router 7 apps vulnerable to cache poisoning and WAF bypass attacks. Users running the Express adapter are at risk. For more technical details, visit: https://t.co/Ems1GIh4fL
<blockquote class="twitter-tweet" data-width="550" data-dnt="true">
??The vulnerability details are now available: <a href="https://t.co/Ems1GIh4fL">https://t.co/Ems1GIh4fL</a>
??CVE-2025-31137 (CVSS 7.5): React Router’s latest vuln is leaving Remix 2 & React Router 7 apps WIDE OPEN to cache poisoning and WAF bypass attacks. If you’re running the Express adapter, you’re in the… <a href="https://t.co/w9C3GIVm83">https://t.co/w9C3GIVm83</a> <a href="https://t.co/hBSmxSN9A2">pic.twitter.com/hBSmxSN9A2</a>
— ZoomEye (@zoomeye_team) <a href="https://twitter.com/zoomeye_team/status/1907711011840569695?ref_src=twsrc%5Etfw">April 3, 2025</a></blockquote>
<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/04/waf-bypass-by-zoomeye_team/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by Vecoyenka</title>
<link>https://waf-bypass.com/2025/04/04/waf-bypass-by-vecoyenka-2/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-vecoyenka-2</link>
<comments>https://waf-bypass.com/2025/04/04/waf-bypass-by-vecoyenka-2/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Fri, 04 Apr 2025 09:00:03 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/04/waf-bypass-by-vecoyenka-2/</guid>
<description><![CDATA[The tweet suggests studying the triggers for the 403 error and experimenting with encoding techniques to bypass the WAF. This approach indicates an attempt to evade the WAF's security mechanisms by manipulating the request data. It is important to understand the vulnerabilities and weaknesses in the WAF's configuration to effectively bypass it. Further analysis and […]]]></description>
<content:encoded><![CDATA[The tweet suggests studying the triggers for the 403 error and experimenting with encoding techniques to bypass the WAF. This approach indicates an attempt to evade the WAF's security mechanisms by manipulating the request data. It is important to understand the vulnerabilities and weaknesses in the WAF's configuration to effectively bypass it. Further analysis and testing are necessary to identify the specific bypass technique used in this scenario. 
For more details, check out the original tweet here: https://twitter.com/Vecoyenka/status/1907825513294422031
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/04/waf-bypass-by-vecoyenka-2/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by cyb3rf034r3ss</title>
<link>https://waf-bypass.com/2025/04/04/waf-bypass-by-cyb3rf034r3ss-4/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-cyb3rf034r3ss-4</link>
<comments>https://waf-bypass.com/2025/04/04/waf-bypass-by-cyb3rf034r3ss-4/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Fri, 04 Apr 2025 08:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/04/waf-bypass-by-cyb3rf034r3ss-4/</guid>
<description><![CDATA[AkamaiGhost WAF is known for being too strict, making it difficult to bypass. Users have expressed frustration with its strict rules on security. If you have any guides or proof of concepts on how to bypass AkamaiGhost WAF, please share them to help others navigate through its restrictions. For more insights, check out the original […]]]></description>
<content:encoded><![CDATA[AkamaiGhost WAF is known for being too strict, making it difficult to bypass. Users have expressed frustration with its strict rules on security. If you have any guides or proof of concepts on how to bypass AkamaiGhost WAF, please share them to help others navigate through its restrictions. 
For more insights, check out the original tweet here: https://twitter.com/cyb3rf034r3ss/status/1907839005971952078
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/04/waf-bypass-by-cyb3rf034r3ss-4/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by Vecoyenka</title>
<link>https://waf-bypass.com/2025/04/04/waf-bypass-by-vecoyenka/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-vecoyenka</link>
<comments>https://waf-bypass.com/2025/04/04/waf-bypass-by-vecoyenka/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Fri, 04 Apr 2025 07:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/04/waf-bypass-by-vecoyenka/</guid>
<description><![CDATA[A new XSS bypass was discovered affecting AWS WAF. The payload <script>alert(1)</script> was successfully used to bypass the protection. Detailed technical information can be found in the blogpost. For more insights, check out the original tweet here: https://twitter.com/Vecoyenka/status/1907840135921631240. And don’t forget to follow @Vecoyenka for more exciting updates in the world of cybersecurity.]]></description>
<content:encoded><![CDATA[A new XSS bypass was discovered affecting AWS WAF. The payload <script>alert(1)</script> was successfully used to bypass the protection. Detailed technical information can be found in the blogpost. 
For more insights, check out the original tweet here: https://twitter.com/Vecoyenka/status/1907840135921631240. And don’t forget to follow @Vecoyenka for more exciting updates in the world of cybersecurity.
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/04/waf-bypass-by-vecoyenka/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by cyberartisan_</title>
<link>https://waf-bypass.com/2025/04/04/waf-bypass-by-cyberartisan_-2/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-cyberartisan_-2</link>
<comments>https://waf-bypass.com/2025/04/04/waf-bypass-by-cyberartisan_-2/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Fri, 04 Apr 2025 06:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/04/waf-bypass-by-cyberartisan_-2/</guid>
<description><![CDATA[WAFs may catch basic Host Header attacks, but often miss SSRF, cache poisoning, or auth bypass. Proper server-side validation is key—don’t rely on WAF alone. #WebSecurity #BugBounty #CyberSecurity Original tweet: https://twitter.com/cyberartisan_/status/1907880360416858414]]></description>
<content:encoded><![CDATA[WAFs may catch basic Host Header attacks, but often miss SSRF, cache poisoning, or auth bypass. Proper server-side validation is key—don’t rely on WAF alone. #WebSecurity #BugBounty #CyberSecurity 
Original tweet: https://twitter.com/cyberartisan_/status/1907880360416858414
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/04/waf-bypass-by-cyberartisan_-2/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by securityLab_jp</title>
<link>https://waf-bypass.com/2025/04/04/waf-bypass-by-securitylab_jp/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-securitylab_jp</link>
<comments>https://waf-bypass.com/2025/04/04/waf-bypass-by-securitylab_jp/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Fri, 04 Apr 2025 05:00:04 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/04/waf-bypass-by-securitylab_jp/</guid>
<description><![CDATA[This tweet mentions a vulnerability in React Router (CVE-2025-31137) that can be exploited for cache poisoning and WAF bypass attacks. The specific details of the bypass are not provided in the tweet. It is important to analyze the vulnerability further and take necessary security measures to protect against potential attacks. #Security #WAFBypass For more details, […]]]></description>
<content:encoded><![CDATA[This tweet mentions a vulnerability in React Router (CVE-2025-31137) that can be exploited for cache poisoning and WAF bypass attacks. The specific details of the bypass are not provided in the tweet. It is important to analyze the vulnerability further and take necessary security measures to protect against potential attacks. #Security #WAFBypass 
For more details, check out the original tweet here: https://twitter.com/securityLab_jp/status/1907950003341111354
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/04/waf-bypass-by-securitylab_jp/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by _doesnotcompute</title>
<link>https://waf-bypass.com/2025/04/03/waf-bypass-by-_doesnotcompute/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-_doesnotcompute</link>
<comments>https://waf-bypass.com/2025/04/03/waf-bypass-by-_doesnotcompute/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Thu, 03 Apr 2025 07:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/03/waf-bypass-by-_doesnotcompute/</guid>
<description><![CDATA[When bypassing a WAF, trying different event handlers can be effective. In this case, attempting "ontest" can reveal if the WAF block starts with 'on'. If unsuccessful, further evasion techniques may be necessary. For more insights, check out the original tweet here: https://twitter.com/_doesnotcompute/status/1907528172897185899. And don’t forget to follow @_doesnotcompute for more exciting updates in the […]]]></description>
<content:encoded><![CDATA[When bypassing a WAF, trying different event handlers can be effective. In this case, attempting "ontest" can reveal if the WAF block starts with 'on'. If unsuccessful, further evasion techniques may be necessary. 
For more insights, check out the original tweet here: https://twitter.com/_doesnotcompute/status/1907528172897185899. And don’t forget to follow @_doesnotcompute for more exciting updates in the world of cybersecurity.
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/03/waf-bypass-by-_doesnotcompute/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by the_yellow_fall</title>
<link>https://waf-bypass.com/2025/04/03/waf-bypass-by-the_yellow_fall-4/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-the_yellow_fall-4</link>
<comments>https://waf-bypass.com/2025/04/03/waf-bypass-by-the_yellow_fall-4/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Thu, 03 Apr 2025 06:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/03/waf-bypass-by-the_yellow_fall-4/</guid>
<description><![CDATA[A newly discovered flaw, CVE-2025-31137, has been identified in React Router, a popular library used for managing routing in React applications. React Router is a widely used library with over 13.2 million weekly downloads. Stay updated with security patches and updates from the React Router team to mitigate any potential risks. A newly discovered flaw, […]]]></description>
<content:encoded><![CDATA[A newly discovered flaw, CVE-2025-31137, has been identified in React Router, a popular library used for managing routing in React applications. React Router is a widely used library with over 13.2 million weekly downloads. Stay updated with security patches and updates from the React Router team to mitigate any potential risks.
<blockquote class="twitter-tweet" data-width="550" data-dnt="true">
A newly discovered flaw, CVE-2025-31137, has been identified in React Router, a popular library used for managing routing in React applications
React Router is a widely used library, with one report stating it has over 13.2 million weekly downloads<a href="https://t.co/ODjeOlgdm6">https://t.co/ODjeOlgdm6</a>
— Gray Hats (@the_yellow_fall) <a href="https://twitter.com/the_yellow_fall/status/1907612557445312618?ref_src=twsrc%5Etfw">April 3, 2025</a></blockquote>
<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/03/waf-bypass-by-the_yellow_fall-4/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by HunterMapping</title>
<link>https://waf-bypass.com/2025/04/03/waf-bypass-by-huntermapping/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-huntermapping</link>
<comments>https://waf-bypass.com/2025/04/03/waf-bypass-by-huntermapping/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Thu, 03 Apr 2025 05:00:03 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/03/waf-bypass-by-huntermapping/</guid>
<description><![CDATA[A vulnerability (CVE-2025-31137) in React Router exposes web apps to cache poisoning and WAF bypass attacks. This can impact 11K+ services yearly. Detailed analysis by @zhero___ & @inzo____. Learn more at the provided link. #Security #Cybersecurity For more insights, check out the original tweet here: https://twitter.com/HunterMapping/status/1907637252509041071. And don’t forget to follow @HunterMapping for more exciting […]]]></description>
<content:encoded><![CDATA[A vulnerability (CVE-2025-31137) in React Router exposes web apps to cache poisoning and WAF bypass attacks. This can impact 11K+ services yearly. Detailed analysis by @zhero___ & @inzo____. Learn more at the provided link. #Security #Cybersecurity 
For more insights, check out the original tweet here: https://twitter.com/HunterMapping/status/1907637252509041071. And don’t forget to follow @HunterMapping for more exciting updates in the world of cybersecurity.
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/03/waf-bypass-by-huntermapping/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by thelilnix</title>
<link>https://waf-bypass.com/2025/04/02/waf-bypass-by-thelilnix-2/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-thelilnix-2</link>
<comments>https://waf-bypass.com/2025/04/02/waf-bypass-by-thelilnix-2/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Wed, 02 Apr 2025 07:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/02/waf-bypass-by-thelilnix-2/</guid>
<description><![CDATA[The tweet contains an XSS payload used to bypass Akamai WAF. The payload includes JavaScript code for executing an alert function. The payload manipulates the content-visibility property to trigger the XSS. This bypass can potentially be used to execute malicious scripts on the target site. More details can be found in the tweet. #bugbountytips #bugbounty […]]]></description>
<content:encoded><![CDATA[The tweet contains an XSS payload used to bypass Akamai WAF. The payload includes JavaScript code for executing an alert function. The payload manipulates the content-visibility property to trigger the XSS. This bypass can potentially be used to execute malicious scripts on the target site. More details can be found in the tweet. #bugbountytips #bugbounty #lil_tips 
Check out the original tweet here: https://twitter.com/thelilnix/status/1907183547804438809
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/02/waf-bypass-by-thelilnix-2/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by thelilnix</title>
<link>https://waf-bypass.com/2025/04/02/waf-bypass-by-thelilnix/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-thelilnix</link>
<comments>https://waf-bypass.com/2025/04/02/waf-bypass-by-thelilnix/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Wed, 02 Apr 2025 06:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/02/waf-bypass-by-thelilnix/</guid>
<description><![CDATA[The tweet highlights a WAF bypass technique for Akamai WAF involving the parsing of unicode and escaped characters. By manually fuzzing the web application, the user discovered that the application is parsing these characters differently from the WAF, leading to a potential bypass. This mismatch in parsing can be exploited to bypass the WAF's protection. […]]]></description>
<content:encoded><![CDATA[The tweet highlights a WAF bypass technique for Akamai WAF involving the parsing of unicode and escaped characters. By manually fuzzing the web application, the user discovered that the application is parsing these characters differently from the WAF, leading to a potential bypass. This mismatch in parsing can be exploited to bypass the WAF's protection. Further details on the specific payloads used and the technical implications can be found in the tweet. 
For more insights, check out the original tweet here: https://twitter.com/thelilnix/status/1907183554884473264. And don’t forget to follow @thelilnix for more exciting updates in the world of cybersecurity.
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/02/waf-bypass-by-thelilnix/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>WAF bypass by JosephKanko4</title>
<link>https://waf-bypass.com/2025/04/02/waf-bypass-by-josephkanko4/?utm_source=rss&utm_medium=rss&utm_campaign=waf-bypass-by-josephkanko4</link>
<comments>https://waf-bypass.com/2025/04/02/waf-bypass-by-josephkanko4/#respond</comments>
<dc:creator><![CDATA[wafbypass]]></dc:creator>
<pubDate>Wed, 02 Apr 2025 05:00:02 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://waf-bypass.com/2025/04/02/waf-bypass-by-josephkanko4/</guid>
<description><![CDATA[The tweet discusses a bypass for Cloudflare WAF to access the origin server while avoiding WAF protection. The bypass method allows circumventing Cloudflare's WAF and reaching the origin server directly. A detailed blog post should be created covering the product, Cloudflare, the type of bypass used, and the technical details of how the bypass works. […]]]></description>
<content:encoded><![CDATA[The tweet discusses a bypass for Cloudflare WAF to access the origin server while avoiding WAF protection. The bypass method allows circumventing Cloudflare's WAF and reaching the origin server directly. A detailed blog post should be created covering the product, Cloudflare, the type of bypass used, and the technical details of how the bypass works. 
For more details, check out the original tweet here: https://twitter.com/JosephKanko4/status/1907193346797265282
]]></content:encoded>
<wfw:commentRss>https://waf-bypass.com/2025/04/02/waf-bypass-by-josephkanko4/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
</channel>
</rss>

If you would like to create a banner that links to this page (i.e. this validation result), do the following:

Download the "valid RSS" banner.
Upload the image to your own server. (This step is important. Please do not link directly to the image on this server.)
Add this HTML to your page (change the image src attribute if necessary):

<a href="http://www.feedvalidator.org/check.cgi?url=https%3A//waf-bypass.com/feed/"><img src="valid-rss-rogers.png" alt="[Valid RSS]" title="Validate my RSS feed" /></a>

If you would like to create a text link instead, here is the URL you can use:

http://www.feedvalidator.org/check.cgi?url=https%3A//waf-bypass.com/feed/

Home · About · News · Docs · Terms