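This tweet describes a WAF bypass for XSS using obfuscation. The original payload <script>alert(1)</script> is blocked by the WAF, so the attacker rewrites it as <img src=x onerror=&#97;&#108;&#101;&#114;&#116;(1)>, with alert written as HTML numeric character references. A rule that matches the raw request text never sees the string alert, but the browser decodes the references in the attribute value before running the handler, so the obfuscated payload still triggers the XSS. Check out the tweet for more details: https://t.co/GijcBbughn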
For more insights, check out the original tweet here: https://twitter.com/40sp3l/status/1934315252176261142
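The detection gap described above, as an added example that is not code from the tweet or from any WAF product: a raw-text signature misses the entity-encoded payload, while the same check run after HTML entity decoding catches it. The rule patterns, function names and the benign sample are assumptions made for illustration.

```python
import html
import re

# Hypothetical rules for illustration, not taken from any real WAF rule set.
RAW_RULE = re.compile(r"<\s*script\b|alert\s*\(", re.I)
NORMALIZED_RULES = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"<[^>]+\bon[a-z]+\s*=", re.I),  # inline event handler in a tag
    re.compile(r"\b(alert|eval|prompt|confirm)\s*\(", re.I),
]
MAX_DECODE_ROUNDS = 5  # assumption: upper bound on nested encodings to unwrap

# The two payloads quoted on the page, plus a constructed benign value.
BLOCKED = "<script>alert(1)</script>"
OBFUSCATED = "<img src=x onerror=&#97;&#108;&#101;&#114;&#116;(1)>"
BENIGN = "Fish &amp; chips &#163;5"


def normalize(value: str) -> str:
    """Decode HTML character references until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = html.unescape(value)
        if decoded == value:
            break
        value = decoded
    return value


def naive_match(value: str) -> bool:
    """Signature applied to the raw text, as the bypassed filter does."""
    return bool(RAW_RULE.search(value))


def normalized_match(value: str) -> bool:
    """Same idea, applied to the text as the HTML parser would decode it."""
    text = normalize(value)
    return any(rule.search(text) for rule in NORMALIZED_RULES)


def report() -> dict:
    """Map each sample to (raw verdict, normalized verdict)."""
    return {s: (naive_match(s), normalized_match(s))
            for s in (BLOCKED, OBFUSCATED, BENIGN)}


if __name__ == "__main__":
    for sample, verdicts in report().items():
        print(verdicts, sample)
```

Signature matching stays a secondary control even with normalization; context-aware output encoding in the application is what removes the injection point.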