xss waf bypass

Is there any tips on writing an Xss payload to bypass Wafs? I tried encoding and a lot of other stuff but nothing works. I clearly have xss on a targeted site and I can load elements but I cannot bypass the Waf which filters certain key phrases and elements. I tried deducting what it filters and it basically gets rid of everything that can call a function in JS such as parentheses or script elements. Anyone have any tips on writing a payload that can bypass this?

submitted by /u/N0tA1dan
[link] [comments]

from hacking: security in practice https://ift.tt/Sb8tDHf

Comments