(#3p5hajq) @mckinley ๐ฅณ
matched #7skp7ua score:11.45 Search by:
matched #7skp7ua score:11.45 Search by:
(#3p5hajq) @prologic Success!
matched #b6flpdq score:11.45 Search by:
Search by 1 mentions:
Search by 1 tags:
(#3p5hajq) @prologic I tried several different Tor circuits before I logged in and didn't get a captcha once. Let's see if I can talk about /etc/hosts now.
matched #57fmdaq score:11.45 Search by:
Search by 1 mentions:
Search by 1 tags:
(#3p5hajq) PS I've sent of an Email to support to see if I can just disable the WAF entirely. At this point I don't think it buys much value for projecting my infra ๐
I only require Cloudflare in front of my infra to protect it from assholes that _might_ want to DDoS either my infra directly or that of my ISP's Network (has happened before).
If I can still have DDoS protection without the WAF, I'll disable it.
matched #k4oxloq score:11.45 Search by:
Search by 1 tags:
(#3p5hajq) There ๐
#fixed
matched #mk3mzua score:8.09 Search by:
Search by 2 tags:
(#3p5hajq) /etc/passwd
matched #a6wt6cq score:11.45 Search by:
Search by 1 tags:
(#3p5hajq) Hmmm I just tested this and this particular `/etc/thingy` is matching:
```
DotNetNuke - File Inclusion - CVE:CVE-2018-9126, CVE:CVE-2011-1892
```
Da fuq?!
I turned off most WAF features on this pod because most are not relevant. I'm wondering whether the WAF is useful here at all?! ๐ค
matched #xdwnfga score:11.45 Search by:
Search by 1 tags:
(#3p5hajq) Wow ๐ค Hmmm
matched #zdpya7a score:11.45 Search by:
Search by 1 tags:
(#3p5hajq) Alright, I don't want to spam anymore. I could reference /etc/ and a meaningless file in /etc/, but I was unable to reference the passwd file. Just another Cloudflare MITM job.
matched #2nkoxda score:11.45 Search by:
Search by 1 tags:
(#3p5hajq) /etc/asdf
matched #dr6vsnq score:11.45 Search by: