This tweet discusses a Web Application Firewall (WAF) bypass challenge involving React2Shell, a Remote Code Execution (RCE) vulnerability. The user reports that some websites are still vulnerable to React2Shell, but the WAF in front of them blocks any request containing the string "resolved_model", which is likely part of the exploit payload. The user also tried to get past the filter with Unicode encoding, without success. The WAF vendor is not specified. To bypass such filtering, one might try alternative encoding methods, parameter obfuscation, or partial payload splitting to evade the WAF's keyword filtering. The case illustrates the ongoing arms race between attackers crafting bypass techniques and defenders writing filtering rules. Understanding the exact filter rules and the payload structure is key to successful exploitation or mitigation.
For more details, check out the original tweet here: https://twitter.com/KonSpycio/status/2029340094616961386
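The failed Unicode-encoding attempt is what a defender should expect from a filter that matches on decoded content rather than raw bytes. The following is an added example, not code from the tweet or from any WAF vendor; it assumes a JSON request body, and the sample bodies are constructed for illustration rather than taken from a real payload.

```python
import json

BLOCKED = "resolved_model"  # keyword named in the tweet summary


def naive_match(body: str) -> bool:
    """Raw substring check on the body, before any decoding."""
    return BLOCKED in body


def _strings(node):
    """Yield every key and string value in a parsed JSON document."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield key
            yield from _strings(value)
    elif isinstance(node, list):
        for item in node:
            yield from _strings(item)


def decoded_match(body: str) -> bool:
    """Match on the strings the application's JSON parser would see."""
    try:
        candidates = list(_strings(json.loads(body)))
    except ValueError:
        candidates = [body]  # not JSON: fall back to the raw text
    return any(BLOCKED in s for s in candidates)


# Constructed sample bodies (assumption: the keyword appears in a JSON string).
PLAIN = '{"status": "resolved_model"}'
ESCAPED = '{"status": "resolved\\u005fmodel"}'  # "_" written as a JSON \u escape
NESTED = '{"a": [{"resolved\\u005fmodel": 1}]}'   # keyword as an escaped key
BENIGN = '{"status": "resolved"}'

if __name__ == "__main__":
    for name, body in [("plain", PLAIN), ("escaped", ESCAPED),
                       ("nested", NESTED), ("benign", BENIGN)]:
        print(f"{name:8} naive={naive_match(body)} decoded={decoded_match(body)}")
```

A rule that inspects the parsed body this way treats the escaped and literal spellings identically, which matches the behaviour the user observed.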