A bypass for the CloudFront XSS WAF has been discovered. The payload combines three tricks: an encoded alert function, '/' in place of spaces, and encoded symbols such as <, >, ", [, ], and `. Together, these can potentially get an XSS payload past CloudFront's XSS WAF protection. #bugbounty #bugbountytips #XSS #WAF
Original tweet: https://twitter.com/zapstiko/status/1791340437594415245
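On the defensive side, all three tricks described above lose their effect when a filter canonicalizes input before matching and accepts '/' as an attribute separator. The sketch below is an added example, not code from the tweet or from CloudFront; the function names, rules and inert fixtures are constructed for illustration and are not a complete rule set.

```python
import html
import re
from urllib.parse import unquote

# Naive rule: looks at raw input only and expects whitespace before the handler.
NAIVE = re.compile(r"<[a-z]+\s+on[a-z]+\s*=", re.I)

# Rules applied after canonicalization. HTML parsers accept '/' as well as
# whitespace between a tag name and an attribute, so both are allowed here.
RULES = {
    "event-handler": re.compile(r"<[a-z][^>]*?[\s/]on[a-z]+\s*=", re.I),
    "script-tag": re.compile(r"<\s*script\b", re.I),
    "javascript-uri": re.compile(r"javascript\s*:", re.I),
}

def canonicalize(value: str, max_rounds: int = 5) -> str:
    """Undo percent- and HTML-entity encoding until the value is stable."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value

def inspect(value: str) -> dict:
    """Report what the naive rule sees versus the canonicalized rules."""
    canon = canonicalize(value)
    return {
        "canonical": canon,
        "naive_hit": bool(NAIVE.search(value)),
        "hits": [name for name, rx in RULES.items() if rx.search(canon)],
    }

# Constructed, inert fixtures (placeholder tag and handler names).
SAMPLES = [
    "%3Cx/onfoo=1%3E",              # encoded brackets, '/' instead of a space
    "%253Cx%252Fonfoo%253D1%253E",  # the same value, double-encoded
    "%26%2397%3Blert",              # entity-encoded function name
    "1 %3C 2 and on = off",         # benign text that must not match
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", inspect(sample))
```

Pattern matching of this kind is a secondary control; context-aware output encoding in the application remains the primary defence against XSS.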