Identified My First Microsoft Product Exploit! IIS UrlScan WAF Bypass

I’ve written up a short UrlScan bypass article and made some edits. Overall, this bypass has helped me identify and exploit SQL and XSS or other attacks that are URL-based.

#Paper Title: Microsoft IIS UrlScan Module Bypass Exploit
#Date: 16 AUG 2017
#Software Link: https://www.iis.net/downloads/microsoft/urlscan
#Author: Steven Kaun (Gh0st)
#Contact: https://twitter.com/AngryMilks
#Website: https://gh0sthacks.blogspot.com/
#Category: WAF Bypass

########
Preface
########

This was identified after coming up with nothing when looking for help with bypassing a WAF identified as UrlScan. After identifying that a web application was filtering and essentially dropping most attacks and their associated payloads, a closer look at how to bypass this was undertaken. This is as simple as bypasses can possibly get, but at the same time it is unique enough to warrant writing about.
