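An XSS payload for JS context was discovered by @thelilnix for WAF bypass. The payload is ''.replace.call`1${/…/}${alert}`. It contains no parentheses: the function call is made through a tagged template literal, so signatures that key on call syntax such as alert( do not match it. This bypass can affect various WAF vendors. It is recommended to apply appropriate security measures to prevent such bypasses.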
An XSS payload in JS context for WAF bypass, by @thelilnix
''.replace.call`1${/…/}${alert}`
— XSS Payloads (@XssPayloads) April 17, 2025
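The following is an added example, not part of the original post. It runs the payload string exactly as printed above through a call-syntax blocklist, a tagged-template heuristic, and context-aware output encoding. The blocklist pattern, the function names and the `var q = ...;` inline-script template are assumptions made for illustration.

```javascript
// Added example. Input is the payload string exactly as printed on this page
// (its regex body is elided there as "…" and is left that way).
const PAGE_PAYLOAD = "''.replace.call`1${/…/}${alert}`";

// Hypothetical signature of the kind a blocklist filter uses: sink name + "(".
const CALL_SIGNATURE = /\b(alert|confirm|prompt|eval)\s*\(/i;
function naiveFilterBlocks(input) {
  return CALL_SIGNATURE.test(input);
}

// Heuristic: a template literal glued to an identifier, ")" or "]" is a
// tagged template, i.e. a function call written without parentheses.
const TAGGED_TEMPLATE = /[\w$)\]]`(?:[^`\\]|\\[\s\S])*`/;
function hasTaggedTemplate(input) {
  return TAGGED_TEMPLATE.test(input);
}

// Context-aware output encoding: emit the value as a JS string literal.
// JSON.stringify escapes quotes, backslashes and control characters; the
// extra pass keeps "</script>" and U+2028/U+2029 from ending the literal
// or the surrounding <script> element.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Hypothetical server-side template for an inline script.
function renderInlineScript(untrusted) {
  return "var q = " + jsStringLiteral(untrusted) + ";";
}

// Evaluate the rendered script with a stub alert and report what happened.
function runWithStubAlert(script) {
  let alertCalls = 0;
  const stub = () => { alertCalls += 1; };
  const q = new Function("alert", script + "\nreturn q;")(stub);
  return { q, alertCalls };
}

const result = runWithStubAlert(renderInlineScript(PAGE_PAYLOAD));
console.log("blocklist flags payload:", naiveFilterBlocks(PAGE_PAYLOAD));
console.log("tagged-template heuristic flags payload:", hasTaggedTemplate(PAGE_PAYLOAD));
console.log("value round-trips as data:", result.q === PAGE_PAYLOAD, "alert calls:", result.alertCalls);
```

The regex heuristic is a detection aid only; the encoding step is what keeps the value as data regardless of which call syntax it uses.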