This tweet shares an experience about discovering and reporting a Reflected Cross-Site Scripting (XSS) vulnerability on a top Nigerian e-commerce website specifically through their Vehicle Display Page (VDP). The reporter used manual methods to bypass the Web Application Firewall (WAF), without relying on heavy automated scanners, indicating a more tailored and precise approach to exploitation. The exact bypass payload is not detailed, and the WAF vendor is not mentioned. Additionally, the individual mentions working on custom Python tools for Open Source Intelligence (OSINT) gathering during their downtime. This highlights the importance of manual security testing alongside automated tools, especially when dealing with complex WAF protections. The method demonstrates the skill of the security researcher in manual WAF bypass techniques, crucial in finding vulnerabilities in high-security environments where scanners might be detected or blocked.
For more details, check out the original tweet here: https://twitter.com/chmdiVuln/status/1999606068020937156