If %00 is not encoded by the application then the it’s really fucking easy to bypass any WAF (cloudflare, akamai, etc) to get XSS, just spam the fuck out of the %00 ?
Follow me for more P1 #bugbountytips
Subscribe for the latest news:
If %00 is not encoded by the application then the it’s really fucking easy to bypass any WAF (cloudflare, akamai, etc) to get XSS, just spam the fuck out of the %00 ?
Follow me for more P1 #bugbountytips