New XSS Bypass CLOUDFLARE + Filters.

Hello folks, I want to tell my story of this type of XSS.



Why does this payload work?

…In my case, I was in front of an application where my payload was closed by a Unicode character.



This payload was blocked:


In this case I tried to use another svg and the response was:


Unexpectedly, I noticed that it has moved one position. So:


In this case we notice that we have escaped from the Unicode character. And again with the slash:

\u01237\/ ----> \/\u01237\/\ ----> /\u01237\/ ----> /

And again bypass:

On\u01234\load ----> On\u01234\+OnLoAd ----> onload

Payload triggered:

We can also use this payload to bypass Cloudflare with its default configuration:

(Note: this is an example, but you can see that the payload bypasses Cloudflare.)

Blocked normal payload

Bypassed here:

I am releasing another good payload that bypasses filters :) Made by me.


|| Good luck everyone with hunting ||





| eCPTX | C|EH Master | CompTIA Security + | eJPT |
