This tweet discusses techniques for bypassing Web Application Firewalls (WAF) in the context of Cross-Site Scripting (XSS) vulnerabilities. It highlights the importance of understanding the context into which the input is injected. If the input lands outside a JavaScript (JS) context, attackers often use a script tag with a src attribute to load remote malicious JavaScript code. If the injection point is already within a JavaScript context, the dynamic import() function is a useful technique for bypassing WAF protections. These methods show how attackers adapt their payloads to the injection context to evade detection and successfully execute their attacks. Understanding these context-based bypass techniques is critical for improving WAF rules and strengthening web application security.
For more details, check out the original tweet here: https://twitter.com/ryancbarnett/status/1934668230611882436