A new WAF bypass for Cloudflare has been identified for unauthenticated reflected XSS. The bypass payload is <img hrEF="0" sRC="data:0," oNLy=1 oNErrOR=console.log`1`>. This payload allows an attacker to execute arbitrary JavaScript code in the context of a victim's browser, leading to potential data theft or other malicious actions. Security teams using Cloudflare WAF should be aware of this vulnerability and take necessary precautions to protect their systems.
Original tweet: https://twitter.com/retrymp3/status/1830475173591498976