This tweet by @akaclandestine reveals three payloads that bypass the Akamai WAF protections. Akamai WAF is a web application firewall used to block malicious requests to websites. The bypass payloads use JavaScript replace methods to trigger alerts, which might be used in exploits like XSS (Cross-Site Scripting). These tricks exploit JavaScript's replace function and template literals (`) to evade detection by the WAF. The payloads are as follows:
1. `'a'.replace.call`1${/./}${alert}` – This payload uses replace.call with template strings to execute an alert function.
2. `'a,'.replace`a${alert}` – This uses a template string inside the replace method to trigger alert.
3. `'a'.replace(/./,alert)` – This uses a regular expression to match any character and replace it with an alert call.
These payloads can potentially bypass Akamai WAF filters that look for typical malicious patterns, since they use JavaScript's native replace method and template literals in an unusual way. Web developers and security professionals should be aware of such bypass techniques and implement more advanced filtering and behavioral analysis to detect and block these evasive payloads. Additionally, Akamai might need to update their WAF signatures to recognize and mitigate these new bypass methods.
Check out the original tweet here: https://twitter.com/XssPayloads/status/1954936525143076976