I’ve spent a bunch of time trying different wordlists for SQL injection, XSS, usernames… Tried modifying manual requests with Burp to bypass the custom WAF implementation too. Haven’t found anything! Is index.php a rabbit hole?? Is there something not so obvious that I should be looking for?
Edit: Straightforward once you know what type of attack to use.
Hi, any hint? Is “unset” the right path, or do I have to study classic WAF bypass techniques in depth? Thanks :)
There is a risk of overthinking on this one. You can try various things and see if you can get a different response to different requests; then, if there is, you can use a tool (s****p) to automate it.
I found it was very, very, very, very slow though. There may be faster approaches.
Hey, also stuck on this one. But a bit further ahead of WillBar I think.
I understand the code, and what gets given to the PHP functions from the request.
@WillBar: notice that the WAF function returns json_decode($s), and then what gets passed to the query function is not the original value of the request …
What I’m struggling with is what to send as a value of the attribute of the object I’m posting. Tried s****p to try to get something going, but no luck… possibly not using it right. Any hints?