A bypass for Amazon WAF affecting XSS vulnerabilities has been discovered. The bypass payload is <details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle="prompt(document.cookie);">. This bypass allows for executing JavaScript code in the context of the webpage. For more technical details, check out the blogpost on this WAF bypass.
Original tweet: https://twitter.com/f0rgot825/status/1798518745784311808
Subscribe for the latest news: