A Cloudflare WAF bypass leading to a reflected XSS vulnerability was recently disclosed. The post lists two payloads: the first, "> [Blocked By Cloudflare], was stopped by the WAF, and the second, "> [XSS Popup], got through and triggered an XSS popup. The finding is credited to @kingcoolvikas. Stay tuned for the detailed blog post with all the technical details.
Cloudflare WAF Bypass Leads to Reflected XSS
Payload Used : "> [Blocked By Cloudflare]
Payload Used : "> [XSS Popup]
credit: @kingcoolvikas #bugbounty #infosec #xss pic.twitter.com/M2BG0OAEMc
— Will Gates (@WllGates) May 8, 2024