Thread: How to bypass Cloudflare's WAF?

  1. #1
    Junior Member | Join Date: Aug 2019 | Location: Ireland | Posts: 3

    How to bypass Cloudflare's WAF?

    I've taken the step of trying to find the origin IP address that the site is hosted on; however, crimeflare.org gives me an address which currently points to an offshore cPanel. I need to bypass Cloudflare's WAF to SQLi a vulnerability I found within one of the site's endpoints.

  2. #2
    0x0 (Junior Member) | Join Date: Feb 2020 | Posts: 6
    Have you tried directory traversal?
    When you encounter a WAF which removes the "../" characters from the strings, just duplicate them.
    Code:
    ..././
    ...\.\
    Code:
    Bypass "../" with ";"
    ..;/
    http://domain.tld/page.jsp?include=..;/..;/sensitive.txt
    Could also mean you'll have to do a little DNS recon to find the origin IP if these don't work!

  3. Likes Plum liked this post
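
Why the doubled sequences in post #2 survive a filter that deletes "../" in a single pass, and a containment check that does not rely on filtering at all, as an added example that is not part of the thread or any poster's code. The function names, the include directory and the decision to refuse ";" (on the assumption that the backend may strip path parameters, turning "..;/" into "../") are assumptions made for illustration.

```python
import os
from typing import Optional


def naive_strip(value: str) -> str:
    """Single-pass filter of the kind post #2 describes: delete each '../' and '..\\' once."""
    return value.replace("../", "").replace("..\\", "")


def resolve_inside(base_dir: str, user_value: str) -> Optional[str]:
    """Return the canonical path for user_value if it stays under base_dir, else None."""
    # Reject rather than rewrite. ';' is refused on the assumption that the
    # backend may strip path parameters (turning '..;/' into '../').
    if any(ch in user_value for ch in ("\x00", "\\", ";")):
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_value))
    # Containment is decided on the resolved path, after '..' and symlinks are collapsed.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    base = "/srv/app/includes"  # hypothetical include directory
    # Constructed sample inputs, taken from the sequences quoted in the thread.
    for raw in ("..././..././sensitive.txt", "...\\.\\sensitive.txt",
                "..;/..;/sensitive.txt", "docs/readme.txt"):
        stripped = naive_strip(raw)
        print(f"{raw!r:32} strip-> {stripped!r:24} "
              f"resolve-> {resolve_inside(base, raw)!r}")
```

Left unrewritten, the doubled input resolves to a literal directory named "..." inside the base; it is the single-pass deletion that turns it into a traversal, which is why the check is made on the resolved path instead.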
