A new XSS bypass for Cloudflare WAF has been discovered. The payload used is %3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E. URL-decoded, this is an SVG tag whose onload handler calls confirm(document.domain), the usual proof-of-concept dialog that shows which domain the script ran in. Credit to @akaclandestine. #bugbountytip #BugBounty #bugbountytips
For more insights, check out the original tweet here: https://twitter.com/grumpzsux/status/1784432507565625672
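
A defender-side check for the payload quoted above, as an added example that is not part of the original post or tweet: it decodes and parses the parameter value before looking for event-handler attributes, then output-encodes it for rendering. NAIVE_RULE is a constructed literal signature, not Cloudflare's rule, and all function names are hypothetical.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Payload exactly as quoted in the post (URL-encoded).
PAYLOAD = "%3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E"

# Constructed naive signature, NOT Cloudflare's rule: a literal, case-sensitive
# pattern applied to the raw (still encoded) parameter value.
NAIVE_RULE = re.compile(r"<svg\s+onload=")


class HandlerFinder(HTMLParser):
    """Collects (tag, attribute) pairs for every on* attribute seen."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names and accepts "/" as an
        # attribute separator, so casing and separator tricks are normalized.
        for name, _value in attrs:
            if name.startswith("on"):  # deliberately broad: also flags "only"
                self.hits.append((tag, name))


def decode_fully(value, max_rounds=5):
    """URL-decode repeatedly so double-encoded input is normalized too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_event_handlers(raw_value):
    """Return on* attributes found after decoding and HTML-parsing the value."""
    finder = HandlerFinder()
    finder.feed(decode_fully(raw_value))
    finder.close()
    return finder.hits


def render_safely(raw_value):
    """Output-encode the decoded value before placing it in an HTML page."""
    return html.escape(decode_fully(raw_value), quote=True)
```

Output encoding at the point of rendering is the control that holds regardless of what a WAF in front of the application matches.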