This tweet describes an XSS payload that bypasses WAFs. The payload is an iframe tag whose onload event handler sets the width to '100px'. It was crafted to meet one condition: it must trigger without any user interaction. A bypass of this kind undermines the WAF's protection, because a malicious script can execute without the victim doing anything. More details are in a blog post.
2/3
So here I found some tags & event handlers that bypass WAF. But there is 1 condition that there should not be user interaction to trigger payload. So payload crafted for that is:
<iframe src="https://t.co/8JffQ8ay7g" onload=https://t.co/S3vsILoGsG.width='100px'>
see meaning?
— Pranav Patil (@0xcris_prp) July 3, 2024