When trying to bypass a WAF during JavaScript execution by using the payload 'javascript: <any>', the WAF seems to be catching it during runtime execution. This indicates that the WAF is inspecting and blocking the script at runtime. More investigation is needed to understand how the WAF is monitoring and blocking the JavaScript execution. #WAFBypass #BugBounty
For more details, check out the original tweet here: https://twitter.com/httpsELL10t/status/1882817453115511237