Bypassing WAF with incorrect proxy settings for Hunting Bugs.

"https://targetdomain"
"https://auth.targetdomain/vulnerable_endpoint?param=malicious_RCE_payload"
https://auth.targetdomain/vulnerable_endpoint?param=malicious_RCE_payload
"aHR0cHM6Ly9hdXRoLnRhcmdldGRvbWFpbi92dWxuZXJhYmxlX2VuZHBvaW50P3BhcmFtPW1hbGljaW91c19SQ0VfcGF5bG9hZA=="
https://targetdomain/?cfru=aHR0cHM6Ly9hdXRoLnRhcmdldGRvbWFpbi92dWxuZXJhYmxlX2VuZHBvaW50P3BhcmFtPW1hbGljaW91c19SQ0VfcGF5bG9hZA==
  1. Then the request goes to Bluecoat, where the cfru parameter is decoded and a GET request is sent to the internal host.
  2. As a result, the vulnerability is triggered.
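
A defensive check for the flow in the steps above, as an added example that is not part of the original post: it decodes each `cfru` value the way the proxy would and reports when the inner URL targets a host that should only be reached through the WAF. `PROTECTED_HOSTS`, the function names and the sample are assumptions built from the post's placeholder names.

```python
import base64
import binascii
from urllib.parse import parse_qs, urlsplit

# Assumption: hosts that sit behind the WAF and must not be reachable via the proxy hop.
PROTECTED_HOSTS = {"auth.targetdomain"}


def decode_cfru(value):
    """Decode a base64 cfru value to text; return None if it is not valid base64/UTF-8."""
    value = value.replace(" ", "+")          # parse_qs turns a literal '+' into a space
    value += "=" * (-len(value) % 4)         # tolerate stripped padding
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def inspect_request(url):
    """Return (verdict, decoded_target) for every cfru parameter in a request URL."""
    findings = []
    for raw in parse_qs(urlsplit(url).query).get("cfru", []):
        target = decode_cfru(raw)
        if target is None:
            findings.append(("undecodable", raw))
            continue
        host = (urlsplit(target).hostname or "").lower()
        verdict = "protected-host" if host in PROTECTED_HOSTS else "other-host"
        findings.append((verdict, target))
    return findings


# Constructed sample: the outer request from the write-up, using its placeholder names.
SAMPLE = (
    "https://targetdomain/?cfru="
    "aHR0cHM6Ly9hdXRoLnRhcmdldGRvbWFpbi92dWxuZXJhYmxlX2VuZHBvaW50"
    "P3BhcmFtPW1hbGljaW91c19SQ0VfcGF5bG9hZA=="
)

if __name__ == "__main__":
    for verdict, target in inspect_request(SAMPLE):
        print(verdict, target)
```

The decoded target returned for each finding can be passed through the same rules the WAF applies to direct requests, so the encoded hop gets no weaker inspection than the plain URL.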

Bingo! Happy Hacking…….

Security Researcher | DevSecOps | Twitter:-https://twitter.com/ShauryaSharma05
