Two JavaScript payloads for bypassing WAF in URL context have been discovered. The first payload is "<Svg/OnLoad=alert%252526lpar;1)>" and the second payload is "\%250A74Svg/On%250ALoad=alert%252526lpar;1%252526rpar;">. These payloads can be used to trigger an XSS attack. WAF administrators should be aware of these bypasses and update their security measures accordingly. #WAF #Bypass #payload
Check out the original tweet here: https://twitter.com/ksg93rd/status/1861601010092802123