A bypass for Cloudfront XSS WAF has been discovered. The payload includes a method to bypass using an encoded alert function, replacing spaces with '/', and encoding symbols such as <, >, ", [, ], and `. This bypass technique can potentially be used to bypass Cloudfront XSS WAF protection. #bugbounty #bugbountytips #XSS #WAF
Original tweet: https://twitter.com/zapstiko/status/1791340437594415245
Subscribe for the latest news: