In a recent autonomous penetration test, a novel cross-site scripting (XSS) bypass that sidesteps even highly restrictive Web Application Firewalls (WAFs). Security researchers uncovered a ASP.NET application protected by a rigorously configured WAF. Conventional XSS payloads”, breaking out of single-quoted JavaScript strings”, were promptly blocked. Yet by abusing HTTP parameter pollution, the team managed to split malicious […] The post Web Application Firewall Bypassed via JS Injection with Parameter Pollution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/web-application-firewall/
