Sign in to follow this  
Followers 0
r41d3n

Raptor OpenSource Web application firewall and bypass Techniques

3 posts in this topic

Did you take this in account .https://blog.qualys.com/wp-content/uploads/2012/07/Protocol-Level Evasion of Web Application Firewalls v1.1 (18 July 2012).pdf

bit dated however I have incorporated quite a few of the techniques there's also a good paper out this year from blackhat on waf evasion I forgot it's name but it also has a github. HTTP Parameter polution is also a good vuln to smuggle shady payloads in. I haven't really tried array injection yet but I mean a lot of php sites are vulnerable to it.

0

Share this post


Link to post
Share on other sites

Good programming will stop ether dead in their tracks....  Repeat after me, "On the Internet any user supplied data is rogue, unless proven otherwise....".

 

I think this is a false sense of security and measures need be taken at the web app dev. level or NOTHING can stop SQLI or any exploits.

 

 

EDIT: but with that said, I've seen some pretty 1337 stuff done with null terminated strings in PHP. Seen  people exploit PHP functions (regEx engines, stored procedures) exploiting the underlying C code. 

Edited by tekio
0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0