From 14c6e195ff7276fec4cfe038a38221f3c0aa0a1b Mon Sep 17 00:00:00 2001 From: Mehdi Date: Thu, 16 Nov 2023 13:29:29 +0330 Subject: [PATCH] Update WAF Bypass.md --- WAF Bypass.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/WAF Bypass.md b/WAF Bypass.md index 4325422..fc4abeb 100644 --- a/WAF Bypass.md +++ b/WAF Bypass.md @@ -386,7 +386,7 @@ Flask removes the characters `\x85`, `\xA0`, `\x1F`, `\x1E`, `\x1D`, `\x1C`, `\x ## Spring Boot -Below, you will find a demonstration of how ACL protection can be circumvented by adding the character \x09 or at the end of the pathname: +Below, you will find a demonstration of how ACL protection can be circumvented by adding the character `\x09` or `\t` at the end of the pathname: ![spring](https://github.com/Mehdi0x90/Web_Hacking/assets/17106836/415e6a60-2be7-4af0-8513-e27cf8df2329) @@ -394,7 +394,7 @@ Below, you will find a demonstration of how ACL protection can be circumvented b | --- | --- | | 1.22.0 | `;` | | 1.21.6 | `;` | -| 1.20.2 | `\x09`, ; | +| 1.20.2 | `\x09`, `;` | | 1.18.0 | `\x09`, `;` | | 1.16.1 | `\x09`, `;` | @@ -429,7 +429,7 @@ location ~* ^/admin { ``` ## Bypassing AWS WAF ACL With Line Folding -It's possible to bypass AWS WAF protection in a HTTP header by using the following syntax where the AWS WAF won't understand X-Query header contains a sql injection payload while the node server behind will: +It's possible to bypass AWS WAF protection in a HTTP header by using the following syntax where the AWS WAF won't understand `X-Query` header contains a **sql injection payload** while the node server behind will: ```html GET / HTTP/1.1\r\n