1159 | Bypassing ModSecurity for RCEs | WAF bypass, Code injection, RCE | ModSecurity | Somdev Sangwan (s0md3v) | Bug Bounty | 2022-08-29 | 2023-06-13 |
1086 | Data Exfiltration through Blind XXE on PDF Generator | Blind XXE, WAF bypass | NA | Arben Shala (@arbennsh) | Bug Bounty | 2022-09-13 | 2023-06-13 |
1042 | WAF bypasses via 0days | WAF bypass, Content-type confusion, Charset confusion | ModSecurity | Terjanq (@terjanq) | Bug Bounty | 2022-09-23 | 2023-06-13 |
996 | Error based SQL Injection with WAF bypass manual Exploit 100% | SQL injection, WAF bypass | NA | Ahmed Qaramany (@c0nqr0r) | Bug Bounty | 2022-10-06 | 2023-06-13 |
977 | Web application firewall bypass | WAF bypass | NA | - | Bug Bounty | 2022-10-11 | 2023-06-13 |
813 | Bypassing XSS filters using Double Encoding | XSS, WAF bypass | NA | ag3n7 (@ag3n7apk) | Bug Bounty | 2022-11-18 | 2023-06-13 |
729 | Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass | SSTI, RCE, WAF bypass | GitHub | Peter M (@h1pmnh) | Bug Bounty | 2022-12-04 | 2023-06-13 |
717 | {JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF | WAF bypass, SQL injection | Palo Alto Networks, AWS, Cloudflare, F5, Imperva | Noam Moshe | Bug Bounty | 2022-12-08 | 2023-06-13 |
712 | Automate Cross-Site Scripting (XSS) exploitation with unusal events and Burp Intruder | XSS, WAF bypass | NA | Riccardo Malatesta (@seeu_inspace) | Bug Bounty | 2022-12-10 | 2023-06-13 |
698 | Exploiting an SQL injection with WAF bypass | SQL injection, WAF bypass | NA | Benoit Philippe | Bug Bounty | 2022-12-13 | 2023-06-13 |
697 | Doing it the researcher’s way: How I Managed to Get SSTI (Server Side Template Injection) which lead to arbitrary file reading on One of the Leading Payment Systems in Asia | SSTI, WAF bypass | NA | JzeeRx | Bug Bounty | 2022-12-13 | 2023-06-13 |
636 | Exploring the World of ESI Injection | ESI injection, WAF bypass, XSS | NA | Sudhanshu Rajbhar (@sudhanshur705) | Bug Bounty | 2022-12-29 | 2023-06-13 |
558 | Bypassing Cloudflare WAF: XSS via SQL Injection | Reflected XSS, SQL injection, WAF bypass | NA | Uku Sõrmus | Bug Bounty | 2023-01-21 | 2023-06-13 |
481 | Reflected XSS on Target with tough WAF ( WAF Bypass ) | Reflected XSS, WAF bypass | NA | Eagle_92 | Bug Bounty | 2023-02-08 | 2023-06-13 |
454 | SQL Injection: Utilizing XML Functions in Oracle and PostgreSQL to bypass WAFs | SQL injection, WAF bypass | NA | Mahmoud Gamal (@Zombiehelp54) | Bug Bounty | 2023-02-13 | 2023-06-13 |
428 | Bypassing Akamai’s Web Application Firewall Using an Injected Content-Encoding Header | WAF bypass, CRLF injection, XSS | Akamai | Adam Crosser | Bug Bounty | 2023-02-21 | 2023-06-13 |
322 | Rxss inside href attribute - Bypassing lots of weird checks to takeover accounts! | Reflected XSS, WAF bypass | NA | Ashutosh Dutta (@maniacmarvel_) | Bug Bounty | 2023-03-10 | 2023-06-13 |
177 | How I hacked hackers in Voorivex Hunt Event | Cloudflare bypass, WAF bypass, Account takeover | NA | snoopy (@snoopy101101) | Bug Bounty | 2023-04-19 | 2023-06-13 |
141 | Bug Bounty Writeup: Stored XSS Vulnerability WAF Bypass | Stored XSS, WAF bypass | NA | Rafael Silva "lopseg" | Bug Bounty | 2023-05-01 | 2023-06-13 |
122 | A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF… | postMessage, JSONP, DOM XSS, CORS misconfiguration, CSRF, WAF bypass | NA | Julien Cretel (@jub0bs) | Bug Bounty | 2023-05-05 | 2023-06-13 |
115 | How I discovered XSS via triple URL encode | XSS, WAF bypass | NA | Muhammed Mubarak | Bug Bounty | 2023-05-07 | 2023-06-13 |
35 | Bypassing An Industry-Leading WAF and Exploiting SQLi | SQL injection, WAF bypass | NA | Adeeb Shah | Bug Bounty | 2023-06-01 | 2023-06-13 |
33 | Prototype Pollution Akamai | Client-side prototype pollution, WAF bypass | NA | Sudhanshu Rajbhar (@sudhanshur705) | Bug Bounty | 2023-06-03 | 2023-06-13 |