How I Bypassed a Website Using Akamai WAF


Yusif Cəfərov

Hi Friends. Today I will show you how I bypassed a website using Akamai WAF.

I found an XSS in the website's user information edit page. The website accepted “, ’, <, >, but it used Akamai WAF and regex!

When I wrote alert, prompt, <script>, etc., the website responded with 403 Forbidden Access Denied.

When I wrote A A A<<h1>>A, the website deleted <<h1>> and gave me A A AA. It combined the last two values.

I understood that I could bypass the website with this method. How?

alert,prompt → 403 Forbidden

ale rt, pro m p t → 200 OK

aler<<h1>>r → 200 OK 🤨

I created this payload:

Jordi”`auto<<h1>>focus/on<<h1>>focus=ale<<h1>>rt(9);//

The website deletes <<h1>> and combines the string.

Input value in Source Code
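
The behaviour described above comes from filter ordering: the keyword check sees the raw input, and the tag removal that runs afterwards reassembles the blocked word. As an added example (not from the original post), this Python sketch models that with a constructed blocklist and tag-stripping regex, both assumptions since the site's real rules are not shown, and gives two defensive fixes: checking the canonicalized value and encoding at the output sink.

```python
import html
import re

# Constructed stand-ins: the page does not show the WAF rules or the site's filter.
BLOCKLIST = re.compile(r"alert|prompt|<script", re.IGNORECASE)
TAG = re.compile(r"<+[^<>]*>+")  # hypothetical regex that deletes runs like <<h1>>


def waf_allows(value: str) -> bool:
    """Keyword check on the raw request value, as a filter in front of the app sees it."""
    return BLOCKLIST.search(value) is None


def strip_tags_once(value: str) -> str:
    """Single-pass tag removal performed by the app after the request was allowed."""
    return TAG.sub("", value)


def canonicalize(value: str, max_rounds: int = 10) -> str:
    """Repeat the app's transformation until the value stops changing."""
    for _ in range(max_rounds):
        stripped = strip_tags_once(value)
        if stripped == value:
            return value
        value = stripped
    raise ValueError("input did not stabilise; reject it")


def check_after_canonicalization(value: str) -> bool:
    """Mitigation 1: inspect the string the app will actually store, not the raw one."""
    return waf_allows(canonicalize(value))


def render_attribute(value: str) -> str:
    """Mitigation 2 (primary): encode at the sink so quotes and brackets stay data."""
    return '<input value="' + html.escape(value, quote=True) + '">'


if __name__ == "__main__":
    sample = "ale<<h1>>rt(9)"  # fragment taken from the payload on this page
    print("raw value allowed by keyword check:", waf_allows(sample))
    print("value after the app strips tags:   ", strip_tags_once(sample))
    print("allowed after canonicalization:    ", check_after_canonicalization(sample))
    print(render_attribute('a" onfocus=x'))  # constructed value with a quote
```

Output encoding is the fix that removes the bug; the canonicalize-then-check step only closes this particular ordering gap.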

Thanks for reading!
