4421 | How i was able to pwned application by Bypassing Cloudflare WAF | WAF bypass | NA | gujjuboy10x00 (@vis_hacker) | Bug Bounty | 2018-12-12 | 2023-06-13 |
4180 | The journey of Web Cache + Firewall Bypass to SSRF to AWS credentials compromise! | LFI, SSRF, WAF bypass, Cloudflare bypass | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2019-04-25 | 2023-06-13 |
4120 | Unicode vs WAF — XSS WAF Bypass | XSS | NA | Prial Islam Khan (@prial261) | Bug Bounty | 2019-06-05 | 2023-06-13 |
4103 | Bug Bounty - Information Disclosure through error message + WAF Bypass led to Local File Inclusion | WAF bypass, LFI, Information disclosure | NA | Λявєη (@spenkkkkk) | Bug Bounty | 2019-06-15 | 2023-06-13 |
3523 | Bitrix WAF bypass | Reflected XSS | Mail.ru | Roma Ramazanoff (@r0hack) | Bug Bounty | 2020-04-27 | 2023-06-13 |
2923 | Nick's infrequently updated blog | WAF bypass, IP spoofing | Cloudflare | Nick Booher | Bug Bounty | 2021-01-06 | 2023-06-13 |
2646 | Bug Bounty - Information Disclosure through error message + WAF Bypass led to Local File Inclusion | LFI, Information disclosure | NA | Arben Shala (@arbennsh) | Bug Bounty | 2021-04-13 | 2023-06-13 |
2400 | How I Bypassed a tough WAF to steal user cookies using XSS! | XSS, WAF bypass | NA | Asem Eleraky (@melotover) | Bug Bounty | 2021-07-19 | 2023-06-13 |
2285 | SSRF External Service Interaction for Find Real IP CloudFlare and Leads to SQL Injection | WAF bypass, SSRF, SQL injection | NA | Caesar Evan Santoso | Bug Bounty | 2021-08-28 | 2023-06-13 |
2264 | chaining bugs from self XSS to account takeover | Self-XSS, WAF bypass, CSRF, Account takeover | NA | Behnam Yazdanpanah (@abhiunix) | Bug Bounty | 2021-09-02 | 2023-06-13 |
2139 | A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection | SQL injection, WAF bypass | AWS | Marc Olivier Bergeron | Bug Bounty | 2021-10-19 | 2023-06-13 |
1978 | How I was able to bypass WAF and find the origin IP and a few sensitive files | WAF bypass | NA | Jan Muhammad Zaidi (@hasanakajan) | Bug Bounty | 2021-12-22 | 2023-06-13 |
1852 | Bypassing the AWS WAF protection with an 8KB bullet | WAF bypass | AWS | Kloudle (@Kloudleinc) | Bug Bounty | 2022-02-03 | 2023-06-13 |
1799 | Bypassing Cloudflare’s WAF! | XSS, WAF bypass | NA | Friendly (@SkeletorKeys) | Bug Bounty | 2022-02-19 | 2023-06-13 |
1785 | Piercing the Cloud Armor - The 8KB bypass in Google Cloud Platform WAF | WAF bypass | Google | Kloudle (@Kloudleinc) | Bug Bounty | 2022-02-24 | 2023-06-13 |
1734 | From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password – “password” | WAF bypass, Weak credentials | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2022-03-14 | 2023-06-13 |
1594 | Bypassing WAF for $2222 | WAF bypass, Path traversal | NA | Divyansh Sharma | Bug Bounty | 2022-04-27 | 2023-06-13 |
1563 | ResolveURI RXSS Imperva Waf Bypass | XSS | NA | Ahsan Shahid (@hunter0x8) | Bug Bounty | 2022-05-10 | 2023-06-13 |
1508 | How to find & access Admin Panel by digging into JS files…🥰 | Weak credentials, WAF bypass | NA | Ratnadip Gajbhiye (@scspcommunity) | Bug Bounty | 2022-05-30 | 2023-06-13 |
1402 | ($$$) Origin ip to account takeover | WAF bypass, Password reset, Host header injection, Account takeover | NA | Hemant Kumar | Bug Bounty | 2022-07-02 | 2023-06-13 |
1320 | Deep understand ASPX file handling and some related attack vectors | Local Privilege Escalation, WAF bypass | Microsoft | Rskvp93 (@rskvp93) | Bug Bounty | 2022-07-25 | 2023-06-13 |
1280 | Came looking for SSRF and found XSS | XSS, WAF bypass | NA | Ibrahim Radi (@ibraradi9) | Bug Bounty | 2022-08-04 | 2023-06-13 |
1266 | Bypassed Cloudflare’s Web Application Firewall (WAF) | XSS, HTML injection, WAF bypass | NA | Ansh Vaid (@anshvaid4) | Bug Bounty | 2022-08-09 | 2023-06-13 |
1228 | XSS via Angular Template Injection | CSTI, XSS, WAF bypass | NA | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-08-13 | 2023-06-13 |
1161 | Bypassing Amazon WAF to pop an alert() | WAF bypass, XSS | NA | Manash (@manash036) | Bug Bounty | 2022-08-29 | 2023-06-13 |