A security researcher named Sarthak discovered a Web Application Firewall (WAF) bypass that affected multiple major WAF vendors, including Cloudflare, Amazon CloudFront, Wordfence, and Akamai. The bypass was widespread, affecting over 500 different programs protected by these WAFs, and because of its severity and breadth the researcher earned over $50,000 in bug bounty rewards. The finding points to a weakness shared by some of the most widely used WAF products that organizations rely on to filter attacks against web applications. The tweet does not disclose the technical details or payloads used in the bypass. It does, however, show why a WAF should be treated as one layer of defense rather than a substitute for secure application code, and why continuous security testing and bug bounty programs matter for widely deployed defensive products.
For more insights, check out the original tweet here: https://twitter.com/MrRajputHacker/status/1968913891611517078