WhatsApp Web Username Bypass Vulnerability - 0day.today Exploit Database

Mon Aug 01 2022 07:37:43 GMT+0000 (Coordinated Universal Time)

Saved by @pirate

################################################################
# Title: Web WhatsApp Username Bypass
# Date: 31.10.2016
# Author: Glumi
# Software Link: https://web.whatsapp.com/
################################################################

Why this works:
Web WhatsApp filters null bytes in all username inputs, but this filter can be bypassed by
using the "NOP" character (0x90).

###############################################################
How to:
- Go to: https://web.whatsapp.com/
- Go to your "Profile and Status" and edit your Username
- Decode the NOP-Hex into a character
- Insert the character as your username... voilà, now your username is invisible!

#  0day.today [2022-08-01]  #
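
A server-side check that closes the gap described above, as an added example that is not part of the original advisory and is not WhatsApp's code. It compares a null-byte-only filter (a constructed model of the behaviour the write-up describes) with a validator that rejects control characters and names with nothing visible in them. It assumes the 0x90 character is code point U+0090; all function names are hypothetical.

```javascript
// Added example. Assumption: the "NOP" character is code point U+0090,
// a C1 control character (Unicode general category Cc).

// Constructed model of the filter the write-up describes: only NUL is blocked.
function nullByteOnlyFilter(input) {
  return !input.includes("\u0000");
}

// Any control character (C0, DEL, C1) is never legitimate in a display name.
const CONTROL = /\p{Cc}/u;

// Characters that take up space in the string but draw nothing: controls,
// format characters (zero-width space/joiner, bidi marks), separators, and
// a few blank fillers (Hangul fillers, braille blank). Not exhaustive.
const NON_RENDERING = /[\p{Cc}\p{Cf}\p{Z}\u115F\u1160\u3164\uFFA0\u2800]/gu;

function checkDisplayName(input) {
  if (typeof input !== "string") return { ok: false, reason: "not-a-string" };
  const name = input.normalize("NFC");
  // Reject outright rather than strip, so the stored value is what was typed.
  if (CONTROL.test(name)) return { ok: false, reason: "control-character" };
  // Format characters are allowed inside a name (emoji ZWJ sequences need
  // them), but at least one visible character must remain without them.
  if (name.replace(NON_RENDERING, "").length === 0) {
    return { ok: false, reason: "no-visible-characters" };
  }
  return { ok: true, reason: null };
}

// Constructed sample inputs, written with escapes so they survive copy/paste.
const SAMPLES = {
  c1Control: "\u0090",
  zeroWidthOnly: "\u200B\u200D",
  spacesOnly: "   ",
  embeddedControl: "Al\u0090ice",
  plain: "Alice",
  emojiZwj: "\u{1F469}\u200D\u{1F467}",
};

function report() {
  const rows = {};
  for (const [label, value] of Object.entries(SAMPLES)) {
    rows[label] = { weak: nullByteOnlyFilter(value), ...checkDisplayName(value) };
  }
  return rows;
}

console.table(report());
```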
DDoS mitigation is only really needed when you make your server public in any way. When the server simply doesn't answer requests that are not authorized, you can't really find it in the first place. +1 on Let's Encrypt if you don't want to use Cloudflare. If you want to use Cloudflare, then yeah, use a Cloudflare Origin Certificate for the domains that are proxied. Then you get emails from Cloudflare that a new certificate for your domain has been provided less often, because they last up to 15 years. (For the email part, the requirement would be that this Cloudflare setting is enabled, which I would strongly recommend if you use Cloudflare anyway.) Or, when you don't even have unproxied domains, use the Cloudflare Tunnel daemon and block all incoming connections to your server (except your SSH port of course, and change the SSH port then).

https://0day.today/exploit/26244