A tweet describes a method for bypassing path-based WAF restrictions using raw (unencoded) non-printable and extended-ASCII characters. The method appends characters such as \x09 (Spring), \xA0 (Express), and \x1C-\x1F (Flask) to evade the WAF restrictions. Further research is needed to identify the specific vendor affected by this bypass. It is recommended to investigate and address this vulnerability to enhance WAF protection.
Check out the original tweet here: https://twitter.com/d4d89704243/status/1854562239547674971
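
A defensive check for the bypass described above, as an added example that is not from the tweet or from any WAF vendor: it rejects request paths that carry raw bytes outside printable ASCII before the path rule is evaluated. The exact-match deny list, the function names and the sample paths are assumptions constructed for illustration.

```python
"""Added example: flag raw control / extended-ASCII bytes in request paths."""

# Hypothetical exact-match deny list standing in for a path-based WAF rule.
DENY_PATHS = {b"/admin"}


def raw_invalid_bytes(path: bytes) -> list[tuple[int, str]]:
    """Offsets and hex values of bytes that must never appear raw in a URI path.

    RFC 3986 allows only printable ASCII there, so controls (0x00-0x1F, 0x7F),
    space and anything >= 0x80 have to arrive percent-encoded.
    """
    return [(i, f"\\x{b:02X}") for i, b in enumerate(path)
            if b <= 0x20 or b >= 0x7F]


def naive_decision(path: bytes) -> str:
    """Path rule alone: compares the raw bytes with the deny list."""
    return "block" if path in DENY_PATHS else "allow"


def hardened_decision(path: bytes) -> str:
    """Reject malformed paths first, then apply the same path rule."""
    if raw_invalid_bytes(path):
        return "reject"  # e.g. answer 400 and log the offending bytes
    return naive_decision(path)


# Constructed sample paths using the bytes named in the summary above.
SAMPLES = [b"/admin", b"/admin\x09", b"/admin\xa0",
           b"/admin\x1c", b"/admin\x1f", b"/public"]


def report(paths=SAMPLES):
    """One row per path: naive verdict, hardened verdict, offending bytes."""
    return [(p, naive_decision(p), hardened_decision(p), raw_invalid_bytes(p))
            for p in paths]


if __name__ == "__main__":
    for path, naive, hardened, found in report():
        print(f"{path!r:16} naive={naive:5} hardened={hardened:6} {found}")
```

The check covers raw bytes only, which is the case the tweet describes; percent-encoded input still needs the WAF's usual decoding and normalization before the path rule runs.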