A month ago I made an XSS challenge called Sh*t it's a WAF. The idea of the challenge was to bypass the WAF filters and inject an XSS payload that executes alert(1337). The challenge was a bit tricky but not hard. So let's first explain how the WAF was working and how it could be bypassed.
During my research on a well-known bug bounty program I came across a tricky XSS vulnerability that was protected by some kind of WAF filtering. I always like to play with WAFs, so I tested the WAF to understand how it works. After a few tests I found a weakness in the WAF and managed to bypass it and execute a cool alert box; however, my payload required mild user interaction. So I made this challenge out of it, exactly as it was on the bug bounty website.