Bypassing ModSecurity for RCEs

1 · Somdev Sangwan · Aug. 29, 2022, 2:20 p.m.
tl;dr: I won $17k by bypassing ModSecurity for multiple RCEs in a hacking event hosted by Intigriti.

WAFs 101

Firewalls stop attacks. They can recognize them with their database of various rules that describe what an attack looks like. These rules are created by hand or by automated analysis of thousands of actual attacks. A web application firewall is a firewall, for websites.

Blacklists are hard

ping is a tool commonly used to troubleshoot networks. As a WAF designer, you might want to block...