A DOM XSS bypass affecting the Akamai WAF was reported. The bypass payload used was "javascript:window['al'+'er'+(['t','b','c'][0])](origin)". The target URL could not be opened directly because of the Referer header, so the researcher hosted an HTML page carrying the exploit on their own server. The finding highlights a weakness in the Akamai WAF that lets this DOM XSS payload through.
Always look at everything: DOM XSS + Akamai WAF bypass
Payload: javascript:window['al'+'er'+(['t','b','c'][0])](origin)
The URL can't be opened directly, due to the Referer header, so an HTML page for the exploit was put on my own server. #CyberSecurity #BugBounty #pentest https://t.co/5Zbm41paDp
— Seke4l (@seke4l) April 5, 2025
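
The payload above builds the function name at run time, so a filter that matches the literal keyword never sees it. The following is an added example, not code from the original post: it assumes the DOM sink is a navigation (a location or href assignment) and validates the parsed URL scheme and origin at the sink instead of matching keywords. The function names, the signature rule and the host app.example are hypothetical.

```javascript
// Payload string exactly as quoted in the post; all other inputs are constructed.
const PAYLOAD = "javascript:window['al'+'er'+(['t','b','c'][0])](origin)";

// Hypothetical keyword signature of the kind the string concatenation evades.
function naiveSignatureBlocks(input) {
  return /alert|prompt|confirm/i.test(input);
}

// Only these schemes may ever reach a navigation sink.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns a normalized same-origin URL that is safe to assign to
// location/href, or null when the input must be rejected.
function safeNavigationTarget(input, base) {
  if (typeof input !== "string") return null;
  let url, baseUrl;
  try {
    baseUrl = new URL(base);
    // The WHATWG parser lowercases the scheme and strips tabs/newlines,
    // so obfuscated spellings resolve to the scheme the browser would run.
    url = new URL(input, baseUrl);
  } catch {
    return null; // unparseable input is never navigated to
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null; // javascript:, data:, ...
  if (url.origin !== baseUrl.origin) return null;      // no cross-origin targets
  return url.href;
}

// Stand-alone demonstration over constructed inputs.
const BASE = "https://app.example/";
for (const candidate of [PAYLOAD, "java\tscript:x", "/account?tab=1"]) {
  console.log(JSON.stringify(candidate),
    "signature blocks:", naiveSignatureBlocks(candidate),
    "sink allows:", safeNavigationTarget(candidate, BASE));
}
```

In a page, the return value is what gets assigned to the sink; a null result means the navigation is skipped.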