A new exploit allows threat actors to bypass the web application firewalls of nine vendors.
The attack abuses parameter pollution techniques and was found by security firm ETHIACK.
It was tested against 9 WAFs in 17 different configurations.
https://blog.ethiack.com/blog/bypassing-wafs-for-fun-and-js-injection-with-parameter-pollution
