XSS Challenge - Sh*t it's a WAF
Welcome to your profile page. Can you spot the XSS and bypass the WAF?
Update Your Profile:
Rules:
- The payload should work on the latest versions of modern browsers (FF44+, Chrome 48+, Edge)
- Mild user interaction is allowed (clicking, etc.)
- Try to make a payload that bypasses the XSS auditor in Chrome or Safari (if possible)
Solvers:
- BitK (the first to solve it!) - Solved it with an expected solution that requires somewhat high interaction
- Masato Kinugawa - Solved it with a creative solution that bypasses the XSS auditor in Chrome without any user interaction!
- Abdullah Hussam - Solved it with a payload that bypasses the XSS auditor in Chrome and requires somewhat high user interaction
- Mario Heiderich and File Descriptor - Solved it with a payload that bypasses the XSS filter in Edge without any user interaction!
- Eslam Salem - Solved it with a payload that requires somewhat high user interaction
- Mustafa Hasan - Solved it with a payload that requires somewhat high user interaction
- Noriaki Iwasaki - Solved it with mild user interaction
- You?