I’m testing for Vulnerabilities for a specific site using SQLmap. However, the site has cloudflare firewall which blocks queries including for example * , ANY or OR . I sort of found a bypass while searching for people who’ve bypassed it. Thet basically used different characters for the same output so that the query wouldn’t get filtered through the firewall. Does anyone have a .xml file with such payloads or knows a way of bypassing it. Or is my only hope manual testing the payloads.
May I ask if you are using a Free or a Pro plan while testing?
Pro plan offers “Web Application Firewall” (Managed WAF Rules), “Cloudflare Managed Ruleset” and “Package: OWASP ModSecurity Core Rule Set” which we can enable with a single click and configure per demand 
Combining this with custom Firewall Rules and other security & protection options we have at Cloudflare, per our need, we get a really good one.
A recent example from one of my domains here:
Last but not the least, kindly see more by reading Cloudflare articles which contain a lot of helpful information for better understanding and usage as well in terms of Security and Protection:
- Understanding your site protection options
- Responding to DDoS attacks
- Best Practices: DDoS preventative measures
- Understanding Cloudflare DDoS protection
Any resource to share?
I doubt.
As far as I know, most of the vulnerabillity scanners have some “basic”, otherwise you have to create them and test. Or, if there could be some to purchase, but I am not aware of this so far.
Correct me if I’m wrong, but you seem to be using SQLmap on a site that you don’t own because otherwise, you could switch the WAF off and try the scanner.
If it’s your client who owns the site, ask them to whitelist you from WAF during the scan.
4 Likes
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.