This bypass technique targets Alibaba WAF specifically for Cross-Site Scripting (XSS) vulnerabilities. The bypass uses the onloadstart and onloadend event handler attributes on HTML elements such as <audio> and <img> to trigger JavaScript alert calls. Additionally, characters such as parentheses are encoded to evade the WAF's pattern matching. The example payloads <audio src=1 onloadstart=alert(1);//> and <img src=1 onloadend=alert(2);//> execute the alerts, showing that the WAF does not block the onloadstart and onloadend event handlers when they are combined with encoded characters. The underlying weakness is a signature that covers only the common handlers (onload, onerror, and so on) rather than every on* attribute: less common event handlers plus character encoding are enough to slip past the filter and execute XSS.
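As an added, defender-side example (not code from the original post or from Alibaba's WAF), the Python below shows why a signature rule that blocklists a handful of well-known handlers misses onloadstart and onloadend, while a rule that flags any attribute whose name begins with "on", evaluated after HTML-entity decoding, catches them. The sample fragments are the two payloads quoted above plus one constructed variant with entity-encoded parentheses, reflecting the encoding the text describes; NAIVE_BLOCKLIST, the function names, and the use of Python's html.parser as the normaliser are assumptions of this example.

```python
"""Blocklist vs. on*-attribute detection for HTML event handlers (illustrative WAF logic)."""
import html
from html.parser import HTMLParser

# Constructed: a deliberately short signature list in the style of a naive WAF rule.
NAIVE_BLOCKLIST = {"onload", "onerror", "onclick", "onmouseover"}

# Constructed sample inputs: the two payloads from the text and an entity-encoded
# variant of the second one, standing in for the "encoded parentheses" it describes.
SAMPLES = {
    "plain_onerror": '<img src=1 onerror=alert(1)>',
    "audio_onloadstart": '<audio src=1 onloadstart=alert(1);//>',
    "img_onloadend": '<img src=1 onloadend=alert(2);//>',
    "img_onloadend_encoded": '<img src=1 onloadend=alert&#40;2&#41;;//>',
    "benign": '<img src="x.png" alt="ok">',
}


class AttrCollector(HTMLParser):
    """Collects (tag, attribute-name, attribute-value) triples from an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # Normalise like a browser would: lower-case names, decode entities in values.
            # Decoding again is harmless here (the parser already decodes once) and keeps
            # the check independent of parser version details.
            self.found.append((tag.lower(), name.lower(), html.unescape(value or "")))


def extract_attrs(fragment):
    """Return the normalised attributes found in an HTML fragment."""
    collector = AttrCollector()
    collector.feed(fragment)
    collector.close()
    return collector.found


def blocklist_verdict(fragment):
    """Naive rule: block only when a handler name on the fixed list appears."""
    return any(name in NAIVE_BLOCKLIST for _, name, _ in extract_attrs(fragment))


def on_attribute_verdict(fragment):
    """Robust rule: every HTML event handler content attribute starts with 'on',
    so block any attribute with that prefix regardless of which event it is."""
    return any(name.startswith("on") for _, name, _ in extract_attrs(fragment))


def compare_rules():
    """Run both rules over the samples; returns {sample: (blocklist, on_attribute)}."""
    return {key: (blocklist_verdict(frag), on_attribute_verdict(frag))
            for key, frag in SAMPLES.items()}


if __name__ == "__main__":
    for key, (naive, robust) in compare_rules().items():
        print(f"{key:24s} blocklist={naive!s:5s} on*-rule={robust}")
```

The blocklist verdict is False for both onloadstart and onloadend samples, which is the gap the tweet exploits, while the on*-prefix rule flags all four handler-bearing fragments and leaves the benign <img> alone. The encoded sample also shows why the decoding step matters: the decoded value is alert(2);// even though the raw attribute contained &#40; and &#41;.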
For more insights, check out the original tweet here: https://twitter.com/N45HTOfficial/status/2049677856092090670. And don’t forget to follow @N45HTOfficial for more exciting updates in the world of cybersecurity.