This tweet presents a method for bypassing the Cloudflare Web Application Firewall (WAF), focusing on Cross-Site Scripting (XSS) in 2025. The payload is an image tag: <Img Src=OnXSS OnError=(alert)(1)>. It relies on the OnError event handler of the image tag to trigger an alert, a common XSS technique. The tweet highlights how this simple payload can make XSS attacks easier by circumventing Cloudflare's WAF protections. Using OnXSS as the Src value is an attempt to confuse WAF rule detection, which traditionally looks for standard event handlers and payload patterns. The example demonstrates that, despite advanced protections, some WAFs can be bypassed with clever evasion techniques. For anyone looking to understand XSS attack methods or improve their WAF rules, this information is critical.
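For the WAF-rule side of this, the following added example (not from the tweet and not Cloudflare's code) runs the payload quoted above through a signature check and through a structural check that tokenizes the input as HTML and flags any inline event handler, then shows output encoding at the sink. The regex is a constructed stand-in for a signature-style rule, and the benign sample and all function names are assumptions made for the example.

```python
import html
import re
from html.parser import HTMLParser

# Constructed stand-in for a signature-style rule (an assumption for this
# example, NOT Cloudflare's actual rule): expects the literal form onerror=alert(
NAIVE_SIGNATURE = re.compile(r"onerror\s*=\s*alert\(", re.IGNORECASE)

PAGE_PAYLOAD = "<Img Src=OnXSS OnError=(alert)(1)>"      # payload quoted on the page
BENIGN = '<img src="/logo.png" alt="onboarding guide">'  # constructed benign sample


class EventHandlerFinder(HTMLParser):
    """Collects every on* attribute the HTML tokenizer sees, on any tag."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # html.parser lowercases tag and attribute names, so OnError == onerror.
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((tag, name, value))


def naive_match(text):
    """Signature check: True only if the text contains the expected literal."""
    return bool(NAIVE_SIGNATURE.search(text))


def find_event_handlers(text):
    """Structural check: tokenize as HTML and report inline event handlers."""
    finder = EventHandlerFinder()
    finder.feed(text)
    finder.close()
    return finder.findings


def encode_for_html(text):
    """Output encoding at the sink: the markup is rendered as text, not parsed."""
    return html.escape(text)


if __name__ == "__main__":
    for sample in (PAGE_PAYLOAD, BENIGN):
        print(repr(sample))
        print("  naive signature hit:", naive_match(sample))
        print("  event handlers     :", find_event_handlers(sample))
        print("  encoded for output :", encode_for_html(sample))
```

Flagging every inline handler is stricter than a payload signature and may need an allowlist where user-supplied HTML is legitimately accepted. Encoding at the point of output holds regardless of what the WAF in front of the application matched.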
For more insights, check out the original tweet here: https://twitter.com/KN0X55/status/1937519733710156193