cloudflare-bypass

2 articles
sort: new top best
clear filter
bug-bounty448 google354 microsoft311 facebook262 xss238 apple179 malware174 rce149 exploit124 bragging-post101 cve99 account-takeover93 phishing83 csrf79 privilege-escalation77 supply-chain65 stored-xss65 authentication-bypass63 dos60 browser57 reflected-xss57 react50 cloudflare49 cross-site-scripting48 reverse-engineering48 input-validation48 access-control47 aws45 docker45 smart-contract45 node44 sql-injection43 ethereum43 web343 defi42 web-security42 web-application41 ssrf38 burp-suite35 idor34 vulnerability-disclosure34 info-disclosure33 race-condition33 html-injection33 cloud32 writeup32 oauth32 buffer-overflow32 smart-contract-vulnerability32 information-disclosure30
0 6/10
File Upload blind SQLI
bug-bounty

A blind time-based SQL injection vulnerability was discovered in a file upload feature where the application stored the filename parameter in a database without proper sanitization. The vulnerability was confirmed by bypassing a Cloudflare WAF configuration issue and using SQL sleep payloads to measure response time differences.

sql-injection blind-sqli time-based-sqli file-upload filename-parameter waf-bypass cloudflare-bypass bug-bounty penetration-testing input-validation-bypass
Synack HackerOne Cloudflare WAF Burp Scanner Burp Proxy @reefbr @marcioalm @joaomatosf CVE-2019-2725 Red Hat RSA Authentication Manager Weblogic
jspin.re · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago · details
0 8/10
The jorney of web cache firewall bypass to SSRF to AWS credentials compromise
bug-bounty

A detailed writeup of a multi-stage attack chain exploiting WAF bypass via DNS enumeration to discover origin server IP, leveraging LFI to bypass Cloudflare, then escalating to SSRF by bypassing Nginx web cache (using query string manipulation), and finally extracting AWS credentials from instance metadata. The attacker discovered that Nginx cache rules didn't account for query parameters, allowing cache bypass via appending '?' to metadata API calls.

waf-bypass cloudflare-bypass lfi ssrf aws-credentials web-cache-bypass nginx-cache instance-metadata dns-enumeration origin-ip-disclosure privilege-escalation multi-stage-attack
Avinash Jain logicbomb Cloudflare AWS Nginx CVE-2019-XXXX (instance metadata exploitation)
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago · details