error-message-reflection

1 article
sort: new top best
clear filter
bug-bounty460 xss231 bragging-post117 rce87 microsoft82 google81 account-takeover81 open-source79 csrf77 authentication-bypass76 facebook75 stored-xss74 web-security64 reflected-xss63 access-control61 apple59 ai-agents59 privilege-escalation58 input-validation51 defi48 sql-injection48 cross-site-scripting47 smart-contract47 ethereum44 api-security42 information-disclosure41 web-application39 privacy39 tool37 ssrf36 burp-suite36 malware34 llm34 automation34 html-injection33 smart-contract-vulnerability33 vulnerability-disclosure33 web333 responsible-disclosure32 phishing32 opinion31 waf-bypass31 denial-of-service30 cve30 idor29 machine-learning29 code-generation28 authentication27 remote-code-execution26 infrastructure25
0 6/10
DOM based XSS or why you should not rely on cloudflare too much
bug-bounty

A DOM-based XSS vulnerability in a Cloudflare-protected login page where a reflected error message parameter is directly inserted into JavaScript without filtering, allowing attackers to bypass the WAF by breaking out of a JavaScript alert() function context and executing arbitrary code.

dom-based-xss xss cloudflare-waf waf-bypass input-reflection javascript-injection bug-bounty parameter-pollution error-message-reflection
Cloudflare KatsuragiCSL
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 12 hours ago · details