This tweet showcases Cross-Site Scripting (XSS) payloads that bypass three major Web Application Firewalls (WAFs): CloudFlare, Imperva, and Akamai. Each example evades the WAF's filtering by using uncommon attributes and encoding.
1. CloudFlare Bypass:
The payload uses an image tag with a non-standard attribute 'OnXSS' and an 'OnError' event handler that triggers an alert. The usage of a custom attribute 'OnXSS' alongside the 'OnError' event helps bypass CloudFlare's filters.
2. Imperva Bypass:
The payload uses an image tag with a Src attribute pointing to a URL and an 'OnLoad' event handler that includes encoded/obfuscated JavaScript (import(Src)) with a percent-encoded character '%0C', which helps slip past Imperva's filtering mechanisms.
3. Akamai Bypass:
This payload uses an anchor tag with several attributes, including AutoFocus and an encoded 'OnFocus' event handler. The OnFocus event handler is obfuscated using JavaScript syntax with string concatenation and encoding, evading Akamai's detection.
These examples highlight advanced XSS bypass techniques that rely on a deep understanding of how these WAFs parse and filter HTML and JavaScript event handlers. It is important for security professionals and developers to test their web applications against such bypasses to ensure robust protection.
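The defensive counterpart to the parser-dependent bypasses summarized above, as an added example (not from the tweet or from any WAF vendor): an allowlist sanitizer built on Python's html.parser that keeps only permitted attributes, so event-handler names in any letter case, unknown attributes and form-feed separators are all dropped without a denylist. The tag and attribute policy, the sample markup and the example.test URLs are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: the only tags and attributes the app permits.
ALLOWED = {"a": {"href", "title"}, "img": {"src", "alt"}, "b": set(), "p": set()}
SAFE_PREFIXES = ("https://", "http://")

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped = [], []   # dropped: (tag, attr) pairs for logging

    def handle_starttag(self, tag, attrs):
        # html.parser lowercases names and treats form feed as HTML whitespace.
        if tag not in ALLOWED:
            self.dropped.append((tag, None))
            return
        kept = []
        for name, value in attrs:
            value = (value or "").strip()
            bad_url = name in ("href", "src") and not value.lower().startswith(SAFE_PREFIXES)
            if name not in ALLOWED[tag] or bad_url:
                self.dropped.append((tag, name))
            else:
                kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag != "img":   # img is a void element, no end tag
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))     # text is re-encoded, never passed through

def sanitize(fragment):
    s = AllowlistSanitizer()
    s.feed(fragment)
    s.close()
    return "".join(s.out), s.dropped

# Constructed samples using the attribute names discussed above, benign handler bodies.
SAMPLES = [
    '<img src="https://example.test/a.png" OnXSS OnError="f()">',
    '<img src="https://example.test/a.png"\x0cOnLoad="f()">',
    '<a href="https://example.test/" AutoFocus OnFocus="f()">link</a>',
]

if __name__ == "__main__":
    print(*map(sanitize, SAMPLES), sep="\n")
```

The `dropped` list is worth logging: a burst of removed `on*` attributes from one client is a useful detection signal even when the WAF in front of the application reported nothing.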
The tweet also promotes a free Blind XSS service aimed at security professionals for detecting blind XSS vulnerabilities.
For more insights, check out the original tweet here: https://twitter.com/KN0X55/status/1946959665864007877.