A bypass for Amazon WAF's cross-site scripting (XSS) filtering has been discovered. The bypass payload is '<details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle="prompt(document.cookie);">'. When the payload is rendered, its ontoggle handler executes JavaScript that opens a prompt containing document.cookie. Security researchers should be aware of this bypass when using Amazon WAF and take necessary precautions.
For more details, check out the original tweet here: https://twitter.com/Tazu136/status/1810969186421669974
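
As a defensive illustration (an added example, not code from the original tweet or from Amazon), the sketch below shows two controls that do not depend on a WAF signature: encoding untrusted text before it is written into HTML, and scanning logged input for inline event-handler attributes whatever element or padding attribute comes before them. The function names are hypothetical, and the regex-based scanner is a simplified approximation of HTML tokenisation meant for log triage.

```javascript
// Added example. SAMPLE is the payload quoted above; function names are hypothetical.
const SAMPLE =
  '<details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle="prompt(document.cookie);">';

// Encode untrusted text for HTML element content or a quoted attribute value.
// After encoding, the browser treats the payload as text, not as a tag.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Walk every start tag in the input and report attributes whose name begins
// with "on" (inline event handlers). The check looks at attribute names only,
// so a long padding attribute or an unusual element does not hide the handler.
function findEventHandlers(input) {
  const found = [];
  // Start tag: "<name", then attribute text in which quoted values may contain ">".
  const tagRe = /<([a-zA-Z][^\s/>]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>?/g;
  // Attribute: a name, optionally followed by =value (double-quoted, single-quoted or bare).
  const attrRe = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  for (const tag of String(input).matchAll(tagRe)) {
    for (const attr of tag[2].matchAll(attrRe)) {
      const name = attr[1].toLowerCase();
      if (/^on[a-z]+$/.test(name)) {
        found.push({ tag: tag[1].toLowerCase(), attr: name });
      }
    }
  }
  return found;
}

// Raw input is flagged; the encoded form contains no tag and is not flagged.
console.log(findEventHandlers(SAMPLE));
console.log(escapeHtml(SAMPLE));
console.log(findEventHandlers(escapeHtml(SAMPLE)));
```
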