This is a bypass for a WAF that checks for SQLi first but can be exploited for XSS. The payload 'meydi" or 1=/*</script>*/ — – <XSS>' can be used to bypass the WAF's detection. Further technical details and analysis can be found in the tweet by @_0x999.
For more insights, check out the original tweet here: https://twitter.com/neotrony/status/1931790830336884973