This post is about a WAF bypass for the Akamai WAF, specifically targeting reflected Cross-Site Scripting (XSS) vulnerabilities. The payload used to bypass the WAF filter is:

">\u003cA HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](top['doc'%2b'ument']['dom'%2b'ain']);>

The payload injects an HTML anchor element and abuses an event handler: the AutoFocus attribute makes the browser focus the element as soon as it is rendered, so the OnFocus handler runs without any user interaction and triggers an alert dialog, demonstrating a reflected XSS attack. To evade WAF detection the JavaScript is obfuscated: the names alert, document and domain are split into string fragments ('ale' and 'rt', and so on) joined with a URL-encoded plus sign (%2B), the fragments are resolved as properties of top through bracket notation instead of dot notation, and a /**/ comment stands in for whitespace, so the literal strings a signature would look for, such as alert( or document.domain, never appear in the request. The Akamai WAF failed to properly sanitize or block this payload, allowing the attack to pass through and execute in the target browser.

This bypass technique highlights the importance of robust input validation and proper context-aware encoding in WAFs to defend against XSS attacks. Bug bounty hunters and pentesters should test their applications for similar bypasses to strengthen their security posture against reflected XSS vulnerabilities.
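The following is an added example, written for this page and not taken from the post, the tweet or any vendor's product. It models the two defensive points above in Python: first, why a rule that matches literal substrings misses the obfuscated payload, and how normalising the input (URL-decoding, decoding \uXXXX escapes, stripping comments, joining 'a'+'b' string concatenations and rewriting obj['x'] to obj.x) before matching brings the keywords back; second, that context-aware output encoding makes the same payload inert in an HTML attribute and in a JavaScript string regardless of what the WAF did. NAIVE_SIGNATURES is an assumed toy rule set, not Akamai's; normalize() only covers the rewrites visible in this payload; BENIGN is a constructed sample; PAGE_PAYLOAD is the payload quoted on the page.

```python
import html
import json
import re
from urllib.parse import unquote

# The obfuscated payload quoted on the page, as a raw string so the backslash
# escapes (\u003c, \") reach the normaliser exactly as a WAF would see them.
PAGE_PAYLOAD = r'''">\u003cA HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](top['doc'%2b'ument']['dom'%2b'ain']);>'''

# Constructed benign input, to confirm ordinary text is not flagged.
BENIGN = "O'Reilly & Sons <b>rated</b> 5 stars"

# Substrings a naive string-matching rule might look for. Assumption: this is a
# simplified model for illustration, not any vendor's real rule set.
NAIVE_SIGNATURES = ("alert(", "document.domain", "<script")

_JS_UNICODE = re.compile(r"\\u([0-9a-fA-F]{4})")               # \u003c -> <
_JS_COMMENT = re.compile(r"/\*.*?\*/", re.S)                   # /**/ is whitespace to JS
_STR_CONCAT = re.compile(r"'([^']*)'\s*\+\s*'([^']*)'")        # 'ale'+'rt' -> 'alert'
_OPT_BRACKET = re.compile(r"\?\.\s*\[")                        # obj?.['x'] -> obj['x']
_BRACKET_PROP = re.compile(r"\[\s*'([A-Za-z_$][\w$]*)'\s*\]")  # obj['x'] -> obj.x


def _fixpoint(fn, s, limit=5):
    """Apply fn until the text stops changing (bounded; handles double encoding)."""
    for _ in range(limit):
        nxt = fn(s)
        if nxt == s:
            break
        s = nxt
    return s


def normalize(s: str) -> str:
    """Undo the encodings and rewrites that hide keywords from a literal match."""
    s = _fixpoint(unquote, s)                                   # %2B / %2b -> +
    s = _fixpoint(lambda t: _JS_UNICODE.sub(lambda m: chr(int(m.group(1), 16)), t), s)
    s = _JS_COMMENT.sub("", s)
    s = _fixpoint(lambda t: _STR_CONCAT.sub(r"'\1\2'", t), s)   # repeat for 'a'+'b'+'c' chains
    s = _OPT_BRACKET.sub("[", s)
    s = _BRACKET_PROP.sub(r".\1", s)
    s = s.replace("?.", ".")
    return s.lower()                               # HTML attribute and tag names are case-insensitive


def matched_signatures(s: str) -> tuple:
    """Which naive signatures occur in the text exactly as given."""
    low = s.lower()
    return tuple(sig for sig in NAIVE_SIGNATURES if sig in low)


def render_in_attribute(untrusted: str, encode: bool = True) -> str:
    """Embed untrusted text in a double-quoted HTML attribute. With encode=True
    every ", ', <, > and & becomes an entity, so the value cannot close the
    attribute or open a tag; encode=False is the weak setting for comparison."""
    value = html.escape(untrusted, quote=True) if encode else untrusted
    return '<input value="%s">' % value


def breaks_out_of_attribute(rendered: str) -> bool:
    """True if the attribute value still holds a raw quote or tag opener."""
    inner = rendered[len('<input value="'):-len('">')]
    return '"' in inner or "<" in inner


def render_in_js_string(untrusted: str) -> str:
    """Embed untrusted text in a JavaScript string literal inside <script>. A
    different context needs a different encoder: JSON escaping covers quotes
    and backslashes, and <, > and & are additionally \\u-escaped so the literal
    can never contain a tag or a closing </script>."""
    encoded = json.dumps(untrusted)
    for ch in "<>&":
        encoded = encoded.replace(ch, "\\u%04x" % ord(ch))
    return "<script>var v = %s;</script>" % encoded


if __name__ == "__main__":
    print("raw match:        ", matched_signatures(PAGE_PAYLOAD))
    print("normalised:       ", normalize(PAGE_PAYLOAD))
    print("normalised match: ", matched_signatures(normalize(PAGE_PAYLOAD)))
    print("unencoded attribute breaks out:",
          breaks_out_of_attribute(render_in_attribute(PAGE_PAYLOAD, encode=False)))
    print("encoded attribute breaks out:  ",
          breaks_out_of_attribute(render_in_attribute(PAGE_PAYLOAD)))
    print(render_in_js_string(PAGE_PAYLOAD))
```

Run as-is, the script shows the raw payload matching none of the naive signatures, the normalised form reading top.alert(top.document.domain) and matching two of them, and the encoded attribute and JavaScript-string renderings containing no raw quote or angle bracket. The normaliser is deliberately narrow: it only undoes the tricks visible in this one payload, which is exactly why signature matching alone is a losing race and output encoding in the application remains the control that holds.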
Original tweet: https://twitter.com/Manorr07/status/1958823029292589492