Web Application Security
Re: [WEB SECURITY] Bypassing WAF via HTTP Pollution Oct 04 2012 09:40AM
Ivan Ristic (ivan ristic gmail com) (1 replies)
Re: [WEB SECURITY] Bypassing WAF via HTTP Pollution Oct 08 2012 09:51AM
Robin Wood (robin digininja org) (1 replies)
On 4 October 2012 10:40, Ivan Ristic <ivan.ristic (at) gmail (dot) com [email concealed]> wrote:
> I guess this would be a good opportunity for me to mention my research
> on the topic:
>
> Protocol-level evasion of web application firewalls
> http://blog.ivanristic.com/2012/07/protocol-level-evasion-of-web-application-firewalls.html

I like the table Danux has showing what order the various
languages/technologies parse the parameters and was wondering if
anyone had a table like this for WAFs, that way it would be a lot
easier to match the language and the WAF and know what ordering to use
to bypass it.

Robin

>
> On Wed, Oct 3, 2012 at 10:55 AM, Danux <danuxx (at) gmail (dot) com [email concealed]> wrote:
>> By playing CSAW CTF you always learn something new (at least myself).
>>
>> Hope you enjoy it:
>>
>> http://danuxx.blogspot.com/2012/10/bypassing-waf-via-http-parameter.html

>>
>> --
>> DanUx
>>
>> _______________________________________________
>> The Web Security Mailing List
>>
>> WebSecurity RSS Feed
>> http://www.webappsec.org/rss/websecurity.rss
>>
>> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>>
>> WASC on Twitter
>> http://twitter.com/wascupdates
>>
>> websecurity (at) lists.webappsec (dot) org [email concealed]
>> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
>
>
>
> --
> Ivan Ristić
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now!
> http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------
>

Re: [WEB SECURITY] Bypassing WAF via HTTP Pollution Oct 08 2012 07:55PM
Ivan Ristic (ivan ristic gmail com) (1 replies)
RE: [WEB SECURITY] Bypassing WAF via HTTP Pollution Oct 08 2012 09:09PM
Dave Wichers (dave wichers aspectsecurity com) (1 replies)
Re: [WEB SECURITY] Bypassing WAF via HTTP Pollution Oct 08 2012 10:40PM
Rcbarnett (rcbarnett gmail com)


 

Copyright 2010, SecurityFocus