This tweet shares a method for bypassing Web Application Firewalls (WAFs) to perform Cross-Site Scripting (XSS) in the URL context. The bypass combines HTML injection, double URL encoding, and embedded bytes to hide the malicious payload from the WAF's detection. The payload shown is an obfuscated JavaScript snippet placed in the onload event handler of an SVG tag; it triggers an alert when executed. Because of the double encoding and embedded bytes, a WAF that inspects the input after a single decoding pass may fail to recognize the XSS payload, allowing an attacker to execute arbitrary JavaScript. The tweet references a lab for testing, indicating that the method has been experimentally verified. It also mentions KNOXSS, a tool known for similar XSS bypass techniques, suggesting that this method belongs to a broader set of strategies for circumventing WAF protections. The technique is significant for security researchers and penetration testers who want to understand and improve WAF defenses against obfuscated XSS payloads.
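As an added defender-side illustration (not code from the tweet or from KNOXSS): a rule applied after a single percent-decoding pass misses a double-encoded payload, while decoding to a fixed point before applying the same rule catches it and also exposes the encoding depth as its own signal. The sample payload, the detection regex and the function names are constructed for this example.

```python
import re
from urllib.parse import unquote

# Constructed sample, not the tweet's payload: the classic <svg onload=alert(1)>
# probe, percent-encoded once and then twice, so one decoding pass still hides it.
SINGLE_ENCODED = "%3Csvg%20onload%3Dalert%281%29%3E"
DOUBLE_ENCODED = "%253Csvg%2520onload%253Dalert%25281%2529%253E"

# Constructed detection rule: an <svg> element carrying any on* event handler.
SVG_HANDLER = re.compile(r"<\s*svg[^>]*\bon\w+\s*=", re.IGNORECASE)


def canonicalize(value: str, max_rounds: int = 5) -> tuple[str, int]:
    """Percent-decode until the value stops changing (bounded by max_rounds).

    Returns the fully decoded value and the number of decoding rounds that
    actually changed it; a depth above 1 on a URL parameter is itself unusual.
    """
    current, rounds = value, 0
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current, rounds = decoded, rounds + 1
    return current, rounds


def naive_inspect(value: str) -> bool:
    """A WAF that decodes exactly once: the behaviour the bypass relies on."""
    return bool(SVG_HANDLER.search(unquote(value)))


def hardened_inspect(value: str) -> bool:
    """The same rule, applied only after the input has been fully canonicalized."""
    decoded, _depth = canonicalize(value)
    return bool(SVG_HANDLER.search(decoded))


if __name__ == "__main__":
    for label, sample in (("single", SINGLE_ENCODED), ("double", DOUBLE_ENCODED)):
        decoded, depth = canonicalize(sample)
        print(f"{label}: depth={depth} naive={naive_inspect(sample)} "
              f"hardened={hardened_inspect(sample)} -> {decoded}")
```

The single-encoded probe is caught by both inspectors; the double-encoded one slips past the one-pass inspector and is caught only by the canonicalizing one.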
For more insights, check out the original tweet here: https://twitter.com/KN0X55/status/1961073209702330723. And don’t forget to follow @KN0X55 for more exciting updates in the world of cybersecurity.