A reflected XSS (RXSS) WAF bypass was discovered in @Bugcrowd. The first attempt was an HTML payload in the discussion search box, which was reflected but not executed. The payload that successfully bypassed the WAF was a simple script tag: <script>alert(1)</script>. For more technical details, refer to the tweet thread: https://t.co/liRvQh8TFA
Original tweet: https://twitter.com/MrKaLi176442/status/1834609351329501512