Malformed URL decoder leads to WAF bypass using Hex Overflow

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

Syed Mushfik Hasan Tahsin shares his experience of bypassing the BIG IP Local Traffic Manager (F5 Networks) Web Application Firewall using Hex Overflow. He describes how the firewall blocked common payloads and how he leveraged hexadecimal overflows to generate different characters, ultimately bypassing the WAF by crafting carefully encoded inputs. This technique allowed him to reach normally restricted functionalities in a unique and unanticipated way.

XSS — Bypassing WAF with Hex Overflow