This tweet describes a scenario involving a Web Application Firewall (WAF) and a reflected Cross-Site Scripting (XSS) vulnerability. The author reports spending 2.5 hours trying, unsuccessfully, to bypass the WAF for a reflected XSS attack, which highlights the WAF's effectiveness in blocking such attempts. The tweet also mentions an easy reflected XSS vulnerability that is deemed out of scope, possibly meaning it is not relevant to the current testing or assessment. The tweet gives insight into the challenges of bypassing WAFs and hints at a context where some vulnerabilities might exist but are not considered during testing because of scope limitations.
Original tweet: https://twitter.com/unpWn4bl3/status/1970885462589120653