An XSS WAF bypass was discovered using multi-character HTML entities. The payload consists of &fjlig;, &nvgt;, and &nvlt;, which decode to fj, > followed by U+20D2, and < followed by U+20D2. This bypass technique can potentially evade various WAFs. For more details, refer to the tweet by @therceman. #bugbountytips #bugbounty https://t.co/LUDkRmVIH4
For more details, check out the original tweet here: https://twitter.com/RootMoksha/status/1805602376117895239
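A defender's view of the three entities above, as an added example (not code from the tweet or from any WAF): it decodes character references and strips combining marks before a rule is matched, and shows that decoding alone still leaves U+20D2 between the bracket and the next character. The rule regex, the pass limit and the sample string are assumptions constructed for illustration.

```python
import html
import html.entities
import re
import unicodedata

TAG_RULE = re.compile(r"<[A-Za-z/!]")  # hypothetical signature: start of a tag
MAX_PASSES = 3                          # assumption: encoding layers to unwrap
SAMPLE = "&nvlt;b&nvgt;text &fjlig;"    # constructed input, not from the tweet


def multi_codepoint_entities():
    """Named HTML5 references that expand to more than one code point."""
    return {n: v for n, v in html.entities.html5.items() if len(v) > 1}


def decode(value):
    """Resolve character references repeatedly until the string is stable."""
    for _ in range(MAX_PASSES):
        decoded = html.unescape(value)
        if decoded == value:
            break
        value = decoded
    return value


def canonicalize(value):
    """Decode, then drop combining marks (inspection copy only).

    &nvlt; and &nvgt; leave U+20D2 (category Mn) directly after the bracket,
    which keeps a pattern such as TAG_RULE from matching the decoded text.
    """
    return "".join(
        ch for ch in decode(value) if not unicodedata.category(ch).startswith("M")
    )


def rule_hits(value):
    return TAG_RULE.search(value) is not None


if __name__ == "__main__":
    table = multi_codepoint_entities()
    for name in ("fjlig;", "nvgt;", "nvlt;"):
        print(name, [f"U+{ord(c):04X}" for c in table[name]])
    print("raw:", rule_hits(SAMPLE))
    print("decoded only:", rule_hits(decode(SAMPLE)))
    print("canonical:", rule_hits(canonicalize(SAMPLE)))
```

Match rules against the canonical copy only and pass the original value on unchanged, since stripping combining marks alters legitimate accented text.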