Python3

WAF Bypass - Filter collision


Description

The firewall detects a certain number of patterns, but when the payload is handled by the backend server, it is filtered and modified before being reflected in the response.

Goal

Bypass the firewall by exploiting the filter collision.

Hints

Hint #1

An invalid filter modification from the backend application can make a WAF's protection mechanism completely useless.
