An attacker can bypass Akamai WAF with a Cross-Site Scripting (XSS) payload that executes arbitrary JavaScript within the target website. The payload is injected through input fields and relies on the onbeforeinput event to trigger execution of the injected script. Akamai WAF fails to detect and block this payload, leaving the website vulnerable to XSS attacks. Website owners using Akamai WAF should be aware of this bypass and implement additional security measures to mitigate the risk of XSS vulnerabilities.
Check out the original tweet here: https://twitter.com/Shahinalam3546/status/1902489477102407797
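
One way to add a layer behind the WAF, shown as an added example that is not from the original tweet or from Akamai: encode the reflected value for its attribute context, check the rendered tag for any on* attribute, and send a Content-Security-Policy without 'unsafe-inline'. The input field markup, the function names and the sample value are constructed assumptions.

```javascript
// Added example. Field markup, function names and the sample value are constructed.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text so it cannot close a quoted attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the reflected value is concatenated into the attribute as-is.
function renderUnsafe(value) {
  return `<input type="text" name="q" value="${value}">`;
}

// "After": the same template with the value encoded for the attribute context.
function renderEncoded(value) {
  return `<input type="text" name="q" value="${escapeHtml(value)}">`;
}

// Approximate the attribute names present on a single start tag.
function attributeNames(tag) {
  const inner = tag.replace(/^<\s*[a-z0-9]+/i, '').replace(/\/?>\s*$/, '');
  const attr = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'=<>`]+))?/g;
  const names = [];
  let m;
  while ((m = attr.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Any on* attribute is an inline handler; matching the prefix covers onbeforeinput
// and every other event name without maintaining a list of handler names.
function inlineHandlers(tag) {
  return attributeNames(tag).filter((name) => name.startsWith('on'));
}

// Second layer: a policy without 'unsafe-inline' makes the browser refuse inline
// event-handler attributes even if one reaches the page.
function cspHeader(nonce) {
  return `script-src 'self' 'nonce-${nonce}'; object-src 'none'; base-uri 'none'`;
}

// Constructed sample: a value that tries to close the attribute and add a handler.
const sample = '" onbeforeinput="placeholder()';
console.log(inlineHandlers(renderUnsafe(sample)), inlineHandlers(renderEncoded(sample)));
```

The same inlineHandlers check can run in a template test suite so that a regression in encoding fails the build instead of depending on the WAF to catch it.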