Top story: @0xInfection: ‘If you see a webapp trying to guess your search query (e.g. in search bar) and has a WAF on top of it, use mistyped words to easy trigger XSS and bypass the WAF.

<scrpt>confrm()</scrpt>

The … https://t.co/vqWK3o62vM, see more https://t.co/fVnXn9Z0FJ