This WAF bypass is a Content Security Policy (CSP) bypass. The payload uses the <base> HTML tag in a way that tricks the WAF (Web Application Firewall) into letting malicious content through: the attacker supplied two parameters, 'param1' and 'param2', with crafted href values to get past the filter. By injecting a base tag with a carefully constructed href attribute, the CSP rules can be bypassed, potentially leading to Cross-Site Scripting (XSS) or other malicious outcomes. It is a tricky and clever technique, and it highlights the importance of strict parsing and validation in both CSP and WAF configurations. The WAF vendor is not disclosed, but the technique may well apply to several vendors' products. The tweet indicates the bypass was found as part of a paid program (a $10,000 reward) and that the researcher plans to publish a detailed blog post soon.
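The defensive point behind a base-tag injection is that an attacker-controlled `<base href>` changes where every relative URL on the page (including relative `<script src>`) resolves, and a CSP without a `base-uri` directive does nothing to stop that. The following Python is an added example, not code from the tweet or the researcher; the CSP header strings, document URL and HTML fragments are constructed samples, and `injected.example` is a placeholder host.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin


def parse_csp(header: str) -> dict:
    """Parse a Content-Security-Policy header into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def missing_base_uri(header: str) -> bool:
    """True when the policy has no base-uri directive, so <base href> is unrestricted."""
    return "base-uri" not in parse_csp(header)


class _BaseAndScripts(HTMLParser):
    """Collect the first <base href> and every <script src> in a document."""

    def __init__(self):
        super().__init__()
        self.base = None
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and self.base is None and a.get("href"):
            self.base = a["href"]  # browsers honour only the first <base href>
        elif tag == "script" and a.get("src"):
            self.scripts.append(a["src"])


def resolve_script_urls(document_url: str, html: str) -> list:
    """Resolve script URLs the way a browser does: relative to <base href> if present."""
    p = _BaseAndScripts()
    p.feed(html)
    base = urljoin(document_url, p.base) if p.base else document_url
    return [urljoin(base, s) for s in p.scripts]


# Constructed samples: the same relative script with and without an injected base tag.
DOC_URL = "https://app.example/page"
CLEAN_HTML = '<head><script src="/static/app.js"></script></head>'
INJECTED_HTML = '<head><base href="https://injected.example/"><script src="/static/app.js"></script></head>'
WEAK_CSP = "default-src 'self'; script-src 'self'"
FIXED_CSP = "default-src 'self'; script-src 'self'; base-uri 'self'"
```

Run `resolve_script_urls(DOC_URL, INJECTED_HTML)` against `CLEAN_HTML` to see the relative script move to the injected host; `missing_base_uri(WEAK_CSP)` is the configuration check to add to a CSP review.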
For more details, see the original tweet: https://twitter.com/YShahinzadeh/status/1941557176625230063, and follow @YShahinzadeh for further updates from the world of cybersecurity.