The tweet mentions building a payload to bypass a WAF using an XSS vulnerability. The payload '<img src=x onerror=alert(1)>' is designed to trigger an alert(1) function when the image source fails to load. This payload can be executed in the context of a webpage. Remember to always use the '?cachebuster=any_value' parameter to prevent cache poisoning.
2/3 Try to build a payload that will bypass the WAF and could be executed in your context.
Note: Don't forget to use the ?cachebuster=any_valu to avoid poisoning other users by mistake. pic.twitter.com/Clzrl9k0NA
— Mostafa (@__the7th) October 8, 2024