If anyone is feeling generous and has a *known working* XSS bypass for an F5 WAF set to insane mode (injection point is a GET based parameter source that writes to HTML sync), please drop me a msg. Thanks! ??