InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties…

Breaking Through the Firewall: How I Bypassed a WAF and Found a Critical Bug with $1700

Akash Ghosh
Published in InfoSec Write-ups
4 min read · Feb 14, 2025

The Hacker vs. The Firewall

“Firewalls are like locked doors. The trick is knowing which window is left open.” 😈💻

It was 2 AM, and I was staring at my Burp Suite window, watching 403 Forbidden responses flood my screen.
I had spent hours testing this bug bounty target, trying to break through its defenses.

The problem? A Web Application Firewall (WAF) was blocking every attack I threw at it.

💀 SQL Injection? Blocked.
💀 XSS Payloads? Filtered.
💀 Path Traversal? 403 Forbidden.

I was on the verge of rage-quitting and questioning my entire existence as a bug bounty hunter. Was I even good at this? 🤦‍♂️

But then I remembered one of my favorite hacking quotes:

“A good hacker is not the one who knows everything, but the one who refuses to give up.”

And that’s when it hit me… Every security system has a weakness. And I was about to find it.

What happened next? I found a WAF bypass technique that led to a critical bug and a $1,700 bounty. 🎯💰


Written by Akash Ghosh

Akash Ghosh | Ethical Hacker | Cybersecurity Expert | Web & Mobile Security Expert
