A new XSS WAF bypass technique has been discovered that places invisible separators before or after the function name. The payload <img/src/onerror=alert(1337)><svg/onload= alert(2)> can be used to bypass XSS protection. Security researchers recommend that WAF vendors update their protection mechanisms to mitigate this bypass.
For more insights, check out the original tweet here: https://twitter.com/therceman/status/1804801839499460857. And don’t forget to follow @therceman for more exciting updates in the world of cybersecurity.
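One way a filter can account for the invisible separators described above is to match its signatures against a copy of the input with those characters stripped, and to report where they occurred. This is an added example, not code from the original post or from any WAF; the character classes treated as "invisible separators", the `SIGNATURE` rule and the sample inputs are assumptions, since the post does not name the code points.

```javascript
// Added example: defensive pre-filter, not code from the original post.
// Assumption: "invisible separators" are taken to be Unicode format (Cf),
// line-separator (Zl) and paragraph-separator (Zp) characters.
const INVISIBLE = /[\p{Cf}\p{Zl}\p{Zp}]/gu;

// Hypothetical stand-in for a WAF rule that matches a call such as alert(...).
const SIGNATURE = /\balert\s*\(/i;

// Report every invisible character with its offset and code point.
function findInvisible(input) {
  return [...input.matchAll(INVISIBLE)].map((m) => ({
    index: m.index,
    codePoint: 'U+' + m[0].codePointAt(0).toString(16).toUpperCase().padStart(4, '0'),
  }));
}

// Copy used for signature matching only; the request itself is not rewritten.
function normalize(input) {
  return input.replace(INVISIBLE, '');
}

// Compare the rule's result on the raw input and on the normalized copy.
function inspect(input) {
  const invisible = findInvisible(input);
  const rawMatch = SIGNATURE.test(input);
  const normalizedMatch = SIGNATURE.test(normalize(input));
  let verdict = 'allow';
  if (invisible.length > 0) verdict = 'flag';   // unexpected in markup input
  if (normalizedMatch) verdict = 'block';       // rule fires once separators are removed
  return { invisible, rawMatch, normalizedMatch, verdict };
}

// Constructed samples; U+2063 is used only to exercise the check.
const SAMPLES = [
  '<img/src/onerror=alert(1337)>',
  '<img/src/onerror=alert\u2063(1337)>',
  '<p>hello world</p>',
];
for (const s of SAMPLES) {
  const r = inspect(s);
  console.log(JSON.stringify(s), r.verdict, r.invisible.map((h) => h.codePoint).join(','));
}
```

The `flag` verdict also fires on legitimate text that contains format characters, such as emoji joined with U+200D, so it suits logging or scoring rather than outright rejection.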