[WEB] wafwaf

Have been trying to solve this challenge for quite a long time. I figured out why it is not outputting anything but I don’t see a way to deal with that… I will appreciate any form of help.

I used a t***** s***** that comes with s*****. I think a good tip would be to analyze the source code properly. Circumvent the WAF manually before trying out a tool. This whole process was reaaaaaally slow tho

I’m stuck. Decided to spin up a container to test and see what happens with different inputs. The enc***** I’m trying to use sort of bypasses the filter but doesn’t get de***** for the actual query, resulting in no matches.

Any hint or help via PM would be greatly appreciated!

@Morlax said:
I’m stuck. Decided to spin up a container to test and see what happens with different inputs. The enc***** I’m trying to use sort of bypasses the filter but doesn’t get de***** for the actual query, resulting in no matches.

Any hint or help via PM would be greatly appreciated!

Also, I’m trying to solve it manually without any tools, forgot to say!

Nice challenge!

I am really stuck on this one. I’ve read through all of the comments posted here, but still don’t know where to start. I know what tool everyone is using to automate and I’m trying to understand the code but I am still stuck. Please help?

Interesting, a lot more time-consuming than I was expecting, as once I got past the WAF, I still wasn’t going to get anywhere!

I need to research whether the feature exists in this tool already, but I ended up writing some PHP middleware to act as a proxy for translating the requests this tool was making into the correct format for this page/bypass.

A little time later, and I’d found the flag :wink:

Guys, I bypassed the WAF in the first minute (I’m a PHP developer) but I still can’t reflect any results even with s***** (played with the scripts). Can someone point me or maybe send me a hint? Thanks.

Once you find the correct en***** it’s easy to solve it. I just used a tool s****p

Spent all evening last night trying to get this one, no luck.

Tried manual techniques and then automated using s***p which took ages and returned nothing… I know this should be easy as you can see the code, but as a noob to this area I’m stuck.

Can anybody point me in the right direction?

Was fun playing with s****p!
Learned a few things.
PM for hints

Can someone help me? I think I figured out what I should do but I need help

x48int!