Random ramblings in Infosec

XSS Challenge – Sh*t it’s a WAF

During my research on a well known bug bounty program i came across a tricky XSS vulnerability that had some type of WAF filtering. I always like to play with WAFs so I tried to test the WAF and understand how it works. After doing few tests I found a weakness in the WAF and I’ve managed to bypass it and execute a cool alert box, however my payload had a mild user interaction. So I made this challenge out of it exactly as it was on the bug bounty website.

Read More