Hi we have published a new post in our blog titled "How to hack a company by circumventing its WAF for fun and profit – part 2".
We basically shows how the absence of URI decondig or partial URI decoding can both be abused to circumvent custom iRules. Full story is here: https://www.redtimmy.com/web-application-hacking/how-to-hack-a-company-by-circumventing-its-waf-for-fun-and-profit-part-2/ regards RedTimmy Security _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/