An XSS WAF bypass technique using multi-char HTML entities has been shared in this tweet. The payload includes HTML entities like &fjlig; which translates to fj, &nvgt; which translates to > followed by a Unicode symbol, and &nvlt; which translates to < followed by a Unicode symbol. This technique can be used to bypass XSS filters in various WAFs. For more details and technical information, check out the tweet linked in the post.
For more insights, check out the original tweet here: https://twitter.com/HackingTeam777/status/1803852626846453888
Subscribe for the latest news: