This tweet reveals a Web Application Firewall (WAF) bypass targeting Cloudflare's WAF. The payload delivers a Cross-Site Scripting (XSS) attack through a request parameter: ?parameter=JavaScript:alert("canyoudothis?"). It uses the JavaScript URI scheme in a form that the WAF's filtering rules do not block, allowing the alert to execute. Essentially, this shows that Cloudflare's WAF might fail to detect certain XSS payloads when they are embedded within JavaScript scheme URLs in parameters. Users and security professionals need to be cautious and test their WAF configurations against such payloads. It also highlights the importance of comprehensive input validation and multiple layers of security rather than relying solely on WAFs.
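The application-side input validation recommended above, as an added example (not code from the tweet or from Cloudflare): an allow-list check that parses a URL-valued parameter with the WHATWG URL parser and accepts only http(s). The parameter name `parameter` comes from the payload above; the base origin `https://app.example` and the function names are assumptions.

```javascript
// Added example: allow-list validation for a URL-valued query parameter.
// Only schemes on this list are accepted; everything else is rejected,
// so the check does not depend on recognising any particular bad scheme.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Assumption: the application's own origin, used to resolve relative values.
const BASE = "https://app.example";

// Assumption: names of parameters the application later uses as a URL
// (href, redirect target, ...). "parameter" is the name used on this page.
const URL_PARAMS = new Set(["parameter"]);

// Returns the normalised URL string, or null if the value must be rejected.
function safeUrlParam(raw) {
  if (typeof raw !== "string" || raw.length === 0) return null;
  let url;
  try {
    // The URL parser normalises the scheme (including its letter case)
    // the same way a browser does, so "JavaScript:" becomes "javascript:".
    url = new URL(raw, BASE);
  } catch {
    return null; // unparseable input is rejected, not passed through
  }
  return ALLOWED_PROTOCOLS.has(url.protocol) ? url.href : null;
}

// Checks every URL-valued parameter in a query string and reports a verdict.
function auditQuery(queryString) {
  const findings = [];
  for (const [name, value] of new URLSearchParams(queryString)) {
    if (!URL_PARAMS.has(name)) continue;
    const safe = safeUrlParam(value);
    findings.push({ name, value, safe, rejected: safe === null });
  }
  return findings;
}

// Constructed sample requests: the payload from this page and two benign values.
const samples = [
  '?parameter=JavaScript:alert("canyoudothis?")',
  "?parameter=/account/settings",
  "?parameter=https://example.com/docs",
];
for (const q of samples) console.log(q, "->", auditQuery(q)[0]);
```

Use the returned normalised value, not the raw input, when writing the URL into the page, and keep context-appropriate output encoding in place alongside this check.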
Original tweet: https://twitter.com/MrD0tt/status/1947666253231128951