This tweet describes an XSS bypass for Cloudflare WAF using the payload JavaScript:"<Svg/OnLoad=alert%25%0A26lpar;1)>". The technique combines HTML injection (HTMLi), double encoding, embedded bytes, and octal encoding. Security researchers can use this payload to test and potentially bypass Cloudflare WAF's XSS protection. #BugBounty #infosec
Check out the original tweet here: https://twitter.com/viehgroup/status/1859087595403161618
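An added example, not taken from the tweet or its author: a defender-side normalizer that unwraps the quoted string layer by layer, showing why a signature applied to the raw request value misses it while the same signature applied to the canonical form matches. The function names, the five-round limit and the signature regex are assumptions made for illustration.

```python
import html
import re
from urllib.parse import unquote

# The payload string quoted in the post, used here as test input for a filter.
SAMPLE = '<Svg/OnLoad=alert%25%0A26lpar;1)>'

# C0 control bytes and DEL: embedded bytes that can split a token.
_CONTROL = re.compile(r'[\x00-\x1f\x7f]')
# Illustrative signature (assumption): a call to a dialog function.
_CALL = re.compile(r'\b(?:alert|confirm|prompt)\s*\(', re.IGNORECASE)


def canonicalize(value: str, max_rounds: int = 5) -> str:
    """Decode until the value stops changing, so nested encodings unwrap."""
    for _ in range(max_rounds):
        decoded = unquote(value)              # one layer of percent-encoding
        decoded = _CONTROL.sub('', decoded)   # drop embedded control bytes
        decoded = html.unescape(decoded)      # named/numeric HTML entities
        if decoded == value:
            break
        value = decoded
    return value


def flags_script_call(value: str) -> bool:
    """True when the illustrative signature matches the given text."""
    return _CALL.search(value) is not None


if __name__ == '__main__':
    print('raw matched:      ', flags_script_call(SAMPLE))
    print('canonical form:   ', canonicalize(SAMPLE))
    print('canonical matched:', flags_script_call(canonicalize(SAMPLE)))
```

Inspecting the canonical form only helps when it mirrors the decoding that the protected application and the browser really perform; keep the raw value in the log next to it for triage.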