A new XSS bypass payload has been discovered that works against various WAFs. The payload is '<a%20href=%0dj&Tab;avascript&colon;x='trela'.split('').reverse().join('');self[x](origin)>'. It can evade different WAFs and execute malicious JavaScript code. Researchers recommend that WAF vendors update their security rules to prevent such bypasses.
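The payload splits the javascript: scheme with a percent-encoded carriage return and the HTML entities &Tab; and &colon;, so the literal string never appears in the request. As an added example (not from the original tweet; the function names are hypothetical), this Python check canonicalizes href values the way a browser resolves them before testing the scheme:

```python
import html
import re
from urllib.parse import unquote

# Tab, LF and CR are removed from anywhere inside a URL by the WHATWG URL parser.
_STRIPPED_IN_URL = str.maketrans("", "", "\t\n\r")
# Leading and trailing C0 control characters and spaces are trimmed too.
_C0_AND_SPACE = "".join(map(chr, range(0x21)))

SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:")

# href value: double-quoted, single-quoted, or unquoted (ends at whitespace or '>').
_HREF = re.compile(r"""href\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]*))""", re.I)


def url_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalized as well."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def canonical_href(raw):
    """Approximate the URL the browser acts on: decode entities, then strip as the URL parser does."""
    value = html.unescape(raw).strip(_C0_AND_SPACE)
    return value.translate(_STRIPPED_IN_URL).lower()


def script_hrefs(request_value):
    """Return canonicalized href values that resolve to a script-capable scheme."""
    text = url_decode(request_value)
    hits = []
    for match in _HREF.finditer(text):
        raw = next(g for g in match.groups() if g is not None)
        href = canonical_href(raw)
        if href.startswith(SCRIPT_SCHEMES):
            hits.append(href)
    return hits


# Payload quoted on this page, followed by constructed benign inputs.
PAGE_PAYLOAD = "<a%20href=%0dj&Tab;avascript&colon;x='trela'.split('').reverse().join('');self[x](origin)>"
BENIGN = ['<a href="/docs/javascript-guide">', "<a href=https://example.com/?q=javascript:>"]
```

It checks only the URL scheme of href attributes; other sinks need their own canonicalization.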
For more insights, check out the original tweet here: https://twitter.com/technical_br01/status/1846529033032618194