A funny WAF bypass was discovered by @coffinxp7. The payload used is <details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle="prompt(document.cookie);">. This bypass affects XSS vulnerabilities and can potentially bypass various WAF vendors. It triggers an XSS payload when the details tag is toggled. This bypass can be used for bug bounties and highlights the importance of WAF protection against XSS attacks. More details can be found in the original tweet.
For more insights, check out the original tweet here: https://twitter.com/RootMoksha/status/1804523003235225830
Subscribe for the latest news: