A XSS WAF bypass technique using multi-character HTML entities like &nvgt; or &nvlt; has been discovered by @garethheyes and @therceman. These entities are interpreted by the server as '>' and '<'. This bypass can potentially evade WAF protection. More technical details can be found in the tweet: https://t.co/SGsuFcPP7H
For more insights, check out the original tweet here: https://twitter.com/ctbbpodcast/status/1813621905531822556
Subscribe for the latest news: