How I Was Able to Pwn an Application by Bypassing Cloudflare WAF

Gujjuboy10x00
Dec 12, 2018 · 2 min read

Hello guys!!

I was working on a private program (e.g. xyz.com). As per my methodology, I did recon to get all subdomains from dnsdumpster, virustotal, aquatone, sublister, findsubdomains.com, etc., and out of those I found one subdomain running WordPress. So I checked the basic stuff to look for XSS in case they were using an older version.

After running a script to check the wp directory, I found x.xyz.com/wp-login.php?action=register and saw this:

Looks like it's blocked by Cloudflare. Yeah, I was like, huh :( :(

What if we can bypass their WAF and get the origin IP? Yeah.

Basics about Cloudflare:

Cloudflare allows websites to protect against all sorts of attacks. It can also act as a Web Application Firewall (WAF) to block the exploitation of web-based vulnerabilities.

I used the CFBYPASS tool; after running it, I got their origin IP. There is a cool write-up at https://blog.christophetd.fr/bypassing-cloudflare-using-internet-wide-scan-data/

There are multiple ways to get that origin IP. #Bugbountytip

Next I tried that origin IP, x.x.x.x/wp-login.php?action=register, and I was able to see the signup page, sign up there using my email, and pwn their system.
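A defender-side check for the situation described above, as an added example that is not part of the original post: it scans origin access logs for requests that reached the server without passing through the WAF proxy. The `PROXY_RANGES` values are placeholder documentation networks, the log lines are constructed, and the first log field is assumed to be the TCP peer address.

```python
import ipaddress
import re

# Placeholder edge ranges (documentation networks), NOT a provider's real list.
# Assumption: in production these come from the WAF/CDN provider's published ranges.
PROXY_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:100::/48")]

# Combined log format. Assumption: field 1 is the TCP peer address,
# not a client IP restored from a forwarding header.
LOG_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def from_proxy(peer: str) -> bool:
    """True if the connecting address belongs to one of the trusted edge ranges."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return False  # an unparsable peer is treated as untrusted
    return any(addr in net for net in PROXY_RANGES)

def direct_hits(lines):
    """Return requests that reached the origin without passing through the proxy."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and not from_proxy(m["peer"]):
            hits.append((m["peer"], m["method"], m["path"], int(m["status"])))
    return hits

# Constructed sample log lines (not from the original post).
SAMPLE_LOG = [
    '198.51.100.23 - - [12/Dec/2018:10:01:02 +0000] "GET /wp-login.php?action=register HTTP/1.1" 200 2310 "-" "Mozilla/5.0"',
    '203.0.113.77 - - [12/Dec/2018:10:03:40 +0000] "GET /wp-login.php?action=register HTTP/1.1" 200 2310 "-" "Mozilla/5.0"',
    '203.0.113.77 - - [12/Dec/2018:10:04:05 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '2001:db8:100::5 - - [12/Dec/2018:10:05:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for peer, method, path, status in direct_hits(SAMPLE_LOG):
        print(f"direct-to-origin: {peer} {method} {path} -> {status}")
```

Any hit means the origin is reachable directly; restricting inbound web traffic at the origin firewall to the provider's published edge ranges closes that path.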

Thanks for reading, guys. I have always believed that sharing is caring. Hope you liked this finding. Many more are coming. Stay tuned. Feel free to comment if you have any questions, or shoot me a DM on Twitter (twitter.com/vis_hacker).

Gujjuboy10x00

Written by

security analyst | Keep calm and hack the planet https://linkedin.com/in/vishalpanchani

InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. In a nutshell, we are the largest InfoSec publication on Medium. Maintained by Hackrew
