In this lab, a reflected XSS vulnerability was found by bypassing the WAF with Burp Suite Intruder. The WAF blocked most basic tags and event handlers, but testing with Burp Intruder identified the tags and event handlers it still allowed, and those made the bypass possible. See PortSwigger lab 103 for more details on this XSS WAF bypass.
Original tweet: https://twitter.com/0xcris_prp/status/1808378651001655689