A new XSS bypass for Amazon WAF has been reported, using the payload %3Cimg%2Fsrc%2Fonerror%3D.1%7Calert%601%60%3E. The original payload was blocked by the WAF, but this new variant still gets through. KNOXSS also found another bypass on top of this one, which makes it a significant discovery. More details will follow in the blog post.
For more insights, check out the original tweet here: https://twitter.com/Shad0wH3x/status/1796318421682155886
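
An application-side check for the payload quoted above, as an added example that is not part of the original post or the tweet: it percent-decodes a request parameter and lists inline event-handler attributes, treating "/" between attributes as a separator the way HTML tokenizers do. The function names and the two benign samples are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Payload exactly as quoted on the page, plus two benign inputs constructed here.
PAGE_PAYLOAD = "%3Cimg%2Fsrc%2Fonerror%3D.1%7Calert%601%60%3E"
BENIGN_IMG = "%3Cimg%20src%3D%22cat.png%22%20alt%3D%22a%2Fb%22%3E"
BENIGN_TEXT = "%3Ca%20title%3D%22onerror%3Dx%22%3Edocs%3C%2Fa%3E"

TAG_OPEN = re.compile(r"<([A-Za-z][^\s/>]*)")
# name, then an optional =value that is double-quoted, single-quoted or unquoted
ATTR = re.compile(r"""([^\s/>][^\s/>=]*)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s>]*))?""")


def decode_fully(value, max_rounds=3):
    """Percent-decode until the value stops changing (covers nested encoding)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def event_handler_attrs(markup):
    """Return (tag, attribute, value) for every on* attribute in a start tag."""
    findings = []
    for tag in TAG_OPEN.finditer(markup):
        pos = tag.end()
        while pos < len(markup) and markup[pos] != ">":
            # "/" between attributes acts like whitespace: <img/src/onerror=...>
            if markup[pos].isspace() or markup[pos] == "/":
                pos += 1
                continue
            attr = ATTR.match(markup, pos)
            name, value = attr.group(1).lower(), attr.group(2) or ""
            if name.startswith("on"):
                findings.append((tag.group(1).lower(), name, value.strip("\"'")))
            pos = attr.end()
    return findings


def inspect_parameter(raw):
    """Decode a request parameter and report inline event handlers in it."""
    return event_handler_attrs(decode_fully(raw))


if __name__ == "__main__":
    for sample in (PAGE_PAYLOAD, BENIGN_IMG, BENIGN_TEXT):
        print(decode_fully(sample), "->", inspect_parameter(sample))
```

A hit from this check is a signal for logging or rejection; contextual output encoding in the application remains the control that does not depend on WAF rules.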