This tweet reveals a new bypass method targeting AWS WAF, a widely used web application firewall. The bypass is not limited to one rule category: it can evade protections for multiple vulnerability classes, including XSS, SQLi, RCE and others. The payload uses an unusual path traversal technique built from encoded characters and irregular path syntax; the quoted request is:

GET \/.\\xn~1~1*\/ HTTP/1.1
Host: target.com

The obfuscated URL path keeps AWS WAF from recognizing the request as malicious, so it passes filters that would catch the same request written plainly. This shows that AWS WAF can be vulnerable to novel encoding and path obfuscation approaches, and users are urged to supplement it with additional security layers and continuous rule updates to defend against evolving attack methods.
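The defensive point behind the summary is that rules which match on the raw request string can be sidestepped by path obfuscation, so one of the "additional security layers" it recommends is to canonicalize the request-target before any rule runs and to flag requests whose raw form differs from the canonical one. The example below is added here; it is not code from the tweet, from AWS, or from AWS WAF's own parser, and it does not reproduce how AWS WAF processes requests. It canonicalizes a request-target (bounded repeated percent-decoding, backslash-to-slash translation, slash collapsing, dot-segment resolution) and reports constructed obfuscation indicators. The sample request lines are constructed for the example; the first uses the request-target quoted above, the rest are made-up benign and encoded paths.

```python
import re
from urllib.parse import unquote

# Constructed sample request lines. The first request-target is the one quoted
# in the summary above; the others are made-up benign and encoded paths.
SAMPLE_REQUEST_LINES = [
    r"GET \/.\\xn~1~1*\/ HTTP/1.1",
    "GET /index.html HTTP/1.1",
    "GET /docs/hello%20world HTTP/1.1",
    "GET /assets/%252e/css/site.css HTTP/1.1",
]

# Heuristic patterns constructed for this example (not AWS WAF rules).
DOUBLE_ENCODED = re.compile(r"%25[0-9a-fA-F]{2}")          # %252e -> %2e -> .
ENCODED_DELIMITER = re.compile(r"%(2f|5c|2e)", re.IGNORECASE)  # encoded / \ .
DOT_SEGMENT = re.compile(r"(^|/)\.{1,2}(/|$)")             # "." or ".." segment


def decode_fully(value: str) -> str:
    """Percent-decode until the string stops changing (bounded to three rounds)."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def canonicalize_path(raw_target: str) -> str:
    """Reduce a request-target to one canonical form before any rule is applied.

    Decode until stable (catches double encoding), treat backslashes as path
    separators, collapse runs of slashes, and resolve '.' and '..' segments.
    The result approximates what a permissive backend would actually serve,
    which is the form detection rules should be evaluated against.
    """
    path = decode_fully(raw_target).replace("\\", "/")
    path = re.sub(r"/+", "/", path)
    segments = []
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if segments:
                segments.pop()
            continue
        segments.append(segment)
    return "/" + "/".join(segments)


def obfuscation_indicators(raw_target: str) -> list:
    """Return reasons a raw request-target looks obfuscated.

    Each indicator is a trick that lets the raw string differ from the path
    the backend will resolve, which is exactly what a raw-string rule misses.
    """
    reasons = []
    if "\\" in raw_target:
        reasons.append("backslash used as path separator")
    if DOUBLE_ENCODED.search(raw_target):
        reasons.append("double percent-encoding")
    if ENCODED_DELIMITER.search(raw_target):
        reasons.append("percent-encoded slash, backslash or dot")
    if DOT_SEGMENT.search(decode_fully(raw_target).replace("\\", "/")):
        reasons.append("dot segment in path")
    return reasons


def inspect_request_line(line: str) -> dict:
    """Parse 'METHOD target HTTP/x.y', canonicalize the target, attach indicators."""
    parts = line.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {line!r}")
    method, raw_target, _version = parts
    return {
        "method": method,
        "raw_target": raw_target,
        "canonical": canonicalize_path(raw_target),
        "indicators": obfuscation_indicators(raw_target),
    }


if __name__ == "__main__":
    for request_line in SAMPLE_REQUEST_LINES:
        result = inspect_request_line(request_line)
        verdict = "REVIEW" if result["indicators"] else "ok"
        print(f"{verdict:6} {result['raw_target']!r} -> "
              f"{result['canonical']!r} {result['indicators']}")
```

Run it and the quoted request-target is reduced to a short canonical path with two indicators (backslash separator, dot segment), while the plain and singly-encoded paths pass with none; the value of the check is that the downstream rules see the canonical path, and a raw/canonical mismatch becomes a logged signal in its own right rather than something the rule engine has to anticipate per encoding.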
Check out the original tweet here: https://twitter.com/kingthorin_rm/status/1943340851695849900