The tweet by @coffinxp7 contains an XSS payload that bypasses the Sucuri WAF. The payload uses encoded characters to execute a script that alerts the document's cookie. Sucuri WAF users should be aware of this bypass and take precautions to mitigate XSS attacks. For more technical details, refer to the blog post.
A payload to bypass Sucuri WAF, by @coffinxp7
<a aa aaa aaaa aaaaaa href=javascript:alert(document.cookie)>ClickMe
— XSS Payloads (@XssPayloads) October 17, 2024
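One precaution that does not depend on the WAF is to validate link targets in the application before they are rendered. The following is an added example, not code from the tweet, the blog post or Sucuri; the function names, the scheme allowlist and the sample inputs are assumptions made for illustration. It decodes character references first, so an encoded scheme is checked in the form the browser would act on.

```python
import html
import re

# Assumption: the application only needs these schemes in user-supplied links.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

_TAB_NEWLINE = re.compile(r"[\t\n\r]")
_LEADING_JUNK = "".join(chr(c) for c in range(0x21))  # C0 controls and space
_SCHEME = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*):")


def normalize_href(raw):
    """Approximate the value a browser acts on: decode character references
    once, drop tab/CR/LF anywhere, strip leading controls and spaces.
    This is a simplification, not a full WHATWG URL parser."""
    decoded = html.unescape(raw)
    decoded = _TAB_NEWLINE.sub("", decoded)
    return decoded.lstrip(_LEADING_JUNK)


def href_scheme(raw):
    """Lower-cased scheme of the normalized value, or None for a relative URL."""
    match = _SCHEME.match(normalize_href(raw))
    return match.group(1).lower() if match else None


def is_safe_href(raw):
    """Allow relative URLs and allowlisted schemes; reject everything else."""
    scheme = href_scheme(raw)
    return scheme is None or scheme in ALLOWED_SCHEMES


def render_link(raw_href, text):
    """Emit an escaped anchor for allowed targets, plain text otherwise."""
    if not is_safe_href(raw_href):
        return "<span>{}</span>".format(html.escape(text))
    href = html.escape(normalize_href(raw_href), quote=True)
    return '<a href="{}">{}</a>'.format(href, html.escape(text))


# Constructed sample inputs for exercising the check.
SAMPLES = [
    "https://example.com/docs?id=7",
    "/account/settings",
    "javascript:alert(document.cookie)",
    "j&#97;v&#97;script&#x3A;alert(document.cookie)",
    "JaVa&#9;ScRiPt:alert(document.cookie)",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(is_safe_href(sample), render_link(sample, "ClickMe"))
```

Because the check is an allowlist applied after decoding, schemes such as `data:` and `vbscript:` are rejected as well, whatever padding attributes or encodings surround them in the request.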