A Cloudflare WAF bypass has been discovered that leads to reflected XSS. The bypass payloads used were “><img src=x onerror=alert(1)>” and “><img src=x onerrora=confirm() onerror=confirm(1)>”. These payloads were able to bypass Cloudflare’s protection. This vulnerability was credited to @kingcoolvikas. #bugbounty #bugbountytips
For more insights, check out the original tweet here: https://twitter.com/RootMoksha/status/1765355035746009563. And don’t forget to follow @RootMoksha for more exciting updates in the world of cybersecurity.