An attacker successfully bypassed AWS WAF using a simple script tag payload. The resulting XSS vulnerability allows the attacker to execute malicious scripts on the target website. The bypass payload used was <script>alert('WAF bypassed')</script>. The bypass exposes a security flaw in AWS WAF that allows malicious code injection. It is crucial for websites protected by AWS WAF to patch this vulnerability immediately.
For more insights, check out the original tweet here: https://twitter.com/Praveen73720670/status/1788930697672974600