1 supporter
WAF bypass and vulnerability chain explo ...

WAF bypass and vulnerability chain exploiting parser differentials

Apr 16, 2023

Waffle-y Order is a medium-difficulty Web challenge from HackTheBox, involving the exploitation of parser differential vulnerabilities to bypass a regex-based WAF and chain a PHP Object Injection with a Blind XXE to read arbitrary files and exfiltrate data.

You can find the full write-up here!


Enjoy this post?

Buy 0xbro a coffee

More from 0xbro