A bypass vulnerability affecting Amazon WAF has been discovered. The XSS payload <details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle="prompt(document.cookie);"> passed through the WAF without being blocked. When the protected application reflects such input without output encoding, an attacker can execute malicious scripts in the browsers of visitors to the website protected by Amazon WAF. Security researchers should investigate further and AWS should release a patch to address this issue.
For more insights, check out the original tweet here: https://twitter.com/loiliangyang6/status/1798448576491671892.
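For defenders checking their own filters and templates against this payload, the following is an added example, not code from the original post or from AWS. It compares a constructed bounded-gap signature (an assumption for illustration, not an AWS WAF rule) with attribute-level parsing, and shows that output encoding leaves the payload inert. The names `NAIVE`, `event_handlers` and `render` are hypothetical.

```python
import html
import re
from html.parser import HTMLParser

# Payload exactly as quoted on this page.
PAYLOAD = ('<details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open '
           'ontoggle="prompt(document.cookie);">')

# Constructed signature: only looks for an on*= attribute within 16
# characters of the tag name. Illustrative, not an AWS WAF rule.
NAIVE = re.compile(r'<\w+\s[^>]{0,16}\bon\w+\s*=', re.IGNORECASE)


class _HandlerFinder(HTMLParser):
    """Collects (tag, attribute, value) for every on* attribute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # attrs is already tokenized, so padding attributes placed before
        # the handler do not change what is seen here.
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((tag, name, value))


def event_handlers(fragment: str):
    """Return inline event-handler attributes found in an HTML fragment."""
    finder = _HandlerFinder()
    finder.feed(fragment)
    finder.close()
    return finder.findings


def render(user_input: str) -> str:
    """Output-encode untrusted input for an HTML text context."""
    return html.escape(user_input, quote=True)


if __name__ == "__main__":
    print("naive signature match:", bool(NAIVE.search(PAYLOAD)))
    print("parsed handlers:", event_handlers(PAYLOAD))
    print("after encoding:", event_handlers(render(PAYLOAD)))
```

Output encoding in the application is the control that holds regardless of what the WAF matches; the parser check is useful as a review or logging aid on stored or reflected input.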