[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Web Application Firewall bypass via F5 Big-IP partial URI decoding

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Web Application Firewall bypass via F5 Big-IP partial URI decoding
From: RedTimmy Security <redazione@xxxxxxxxxxx>
Date: Mon, 20 Apr 2020 13:53:56 +0200 (CEST)

Hi
we have published a new post in our blog titled "How to hack a company by 
circumventing its WAF for fun and profit – part 2".

We basically shows how the absence of URI decondig or partial URI decoding can 
both be abused to circumvent custom iRules.

Full story is here: 
https://www.redtimmy.com/web-application-hacking/how-to-hack-a-company-by-circumventing-its-waf-for-fun-and-profit-part-2/
 
regards
RedTimmy Security

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Cisco AnyConnect elevation of privileges due to insecure handling of path names
Next by Date: [FD] Air Sender v1.0.2 iOS - Arbitrary File Upload Vulnerability
Previous by thread: [FD] Cisco AnyConnect elevation of privileges due to insecure handling of path names
Next by thread: [FD] Air Sender v1.0.2 iOS - Arbitrary File Upload Vulnerability
Index(es):
- Date
- Thread