There are multiple XSS bypass payloads provided in the tweet to bypass a WAF blocking the 'alert' keyword. These payloads can trick the WAF into not detecting the 'alert' keyword. This technique can be used in bug bounty and pentest scenarios to test the effectiveness of WAFs against XSS attacks. The payloads include manipulations like using string concatenation and unicode characters to evade detection. Further analysis and testing are recommended to ensure the bypass is successful against specific WAF configurations.
Original tweet: https://twitter.com/seke4l/status/1803844677759549874
Subscribe for the latest news: