A technique for bypassing path-based WAF restrictions has been published. Appending raw (unencoded) non-printable or extended-ASCII characters to the request path, such as \x09 (Spring), \xA0 (Express), and \x1C-\x1F (Flask), makes it possible to bypass these restrictions. The technique can affect multiple WAF vendors. Detailed technical information on the bypass is available at https://t.co/btTURIkDi4
For more insights, check out the original tweet here: https://twitter.com/NandanLohitaksh/status/1854918018402599282.
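A defensive check for the behaviour described above, as an added example that is not from the original post or the linked write-up: it rejects any request line whose target carries raw bytes outside visible ASCII, before a path-based rule is evaluated. The function names and the sample request lines are constructed for illustration.

```python
# Added example: flag raw non-printable / extended-ASCII bytes in a request
# target before any path-based rule runs. All names here are hypothetical.

# Visible ASCII only. Control characters, space and bytes >= 0x80 are not valid
# raw in a URI and must arrive percent-encoded, so a raw one is rejected.
ALLOWED = frozenset(range(0x21, 0x7F))


def parse_target(request_line: bytes) -> bytes:
    """Return the request-target from a raw HTTP/1.x request line."""
    line = request_line.rstrip(b"\r\n")
    _method, sep, rest = line.partition(b" ")       # split at the first space
    target, sep2, version = rest.rpartition(b" ")   # and at the last one
    if not sep or not sep2 or not version.startswith(b"HTTP/"):
        raise ValueError("malformed request line")
    return target


def suspicious_bytes(target: bytes):
    """List (offset, byte) for every raw byte that is not visible ASCII."""
    return [(i, b) for i, b in enumerate(target) if b not in ALLOWED]


def decide(request_line: bytes) -> str:
    """'reject' for malformed lines or targets with raw unsafe bytes, else 'pass'."""
    try:
        target = parse_target(request_line)
    except ValueError:
        return "reject"
    return "reject" if not target or suspicious_bytes(target) else "pass"


# Constructed sample request lines; /admin stands in for a restricted path.
SAMPLES = [
    b"GET /admin HTTP/1.1\r\n",
    b"GET /admin\x09 HTTP/1.1\r\n",
    b"GET /admin\xa0 HTTP/1.1\r\n",
    b"GET /admin\x1c HTTP/1.1\r\n",
    b"GET /admin\x1f HTTP/1.1\r\n",
    b"GET /static/app.js?v=3 HTTP/1.1\r\n",
]

if __name__ == "__main__":
    for line in SAMPLES:
        target = parse_target(line)
        hits = ", ".join(f"\\x{b:02X}@{i}" for i, b in suspicious_bytes(target))
        print(f"{decide(line):6} {target!r} {hits}")
```

The check only covers raw bytes, which is the case the post describes; percent-encoded forms need their own handling after decoding.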