An attacker discovered a Reflected Cross-Site Scripting (RXSS) vulnerability but Amazon WAF blocked the initial payload. However, after double encoding the payload, the attacker successfully bypassed the Amazon WAF using the payload: {{'%2522%253E%253Cxmp%253E%253Cp%2520title=%2522%253C/xmp%253E%253Csvg/onload=alert('WAF_BYPASS')%253E}}. This bypass technique can be used to execute malicious scripts and could pose a security risk. For more technical details, check out our blogpost on this Amazon WAF bypass.
For more insights, check out the original tweet here: https://twitter.com/_ravi_10/status/1881646795434184871