The tweet by @Botami143 contains an XSS payload specifically designed to bypass Cloudflare WAF. The payload is <a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *> and is meant to execute a JavaScript alert while evading the WAF's protections. The bypass highlights a potential weakness in Cloudflare WAF that allows malicious scripts to slip past its filters. It serves as a reminder for organizations to continuously monitor and update their WAF configurations to prevent such attacks.
XSS payload by @Botami143
<a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *>
WAF / Cloudflare Bypass #bugbountytips #bugbounty pic.twitter.com/DvbS1kQsNp
— Root Moksha (@RootMoksha) June 3, 2024
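The href above hides its scheme behind percent-encoded HTML character references (`%26%23` is `&#`), so a filter that matches the raw string never sees the word it is looking for. The following application-side check is an added example, not code from the tweet or from Cloudflare: it decodes the value until it stops changing and then allowlists the scheme. The function names, the allowlist and the round limit are assumptions.

```python
import html
import re
from urllib.parse import unquote

# Assumption: the application only needs these link schemes.
ALLOWED_SCHEMES = {"http", "https", "mailto"}
MAX_DECODE_ROUNDS = 5  # assumption: deeper nesting is rejected outright

# href value copied from this page exactly as it appears there.
PAGE_SAMPLE = "%26%237 javascrip%26%239t: alert%261par;document .domain) *"

_SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):")
_IGNORED_RE = re.compile(r"[\x00-\x20\x7f]")  # whitespace and control characters


def canonicalize(value: str) -> str:
    """Peel nested percent- and entity-encoding, then drop filler characters."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    else:
        raise ValueError("too many encoding layers")
    # Deliberately stricter than a browser: every space and control
    # character is removed, so a keyword cannot be split by them.
    return _IGNORED_RE.sub("", value).lower()


def scheme_of(href: str):
    """Return the canonical scheme, or None for a relative URL."""
    match = _SCHEME_RE.match(canonicalize(href))
    return match.group(1) if match else None


def is_href_allowed(href: str) -> bool:
    """Allow relative URLs and allowlisted schemes; reject everything else."""
    try:
        scheme = scheme_of(href)
    except ValueError:
        return False
    return scheme is None or scheme in ALLOWED_SCHEMES


if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, "https://example.com/a?b=1", "/docs/page"):
        print(is_href_allowed(sample), repr(sample))
```

Because the decision is made on the canonical form and against an allowlist, it does not depend on the WAF recognising any particular encoding of the payload.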