Info Sec Helper
2 min read · Jan 29, 2021

How I bypassed a WAF and escalated a cross-site scripting attack!!

Hello all,

I am Parshwa Bhavsar, a cyber security researcher and a bug bounty hunter.

Recently, I bypassed a WAF and escalated a cross-site scripting attack on one of the main Indian Government websites.

P.S.: I can’t share the website name right now.

So, basically, I was winding up my things to go to bed when my friend “Parth” called me to hunt on an Indian govt. site.

He was testing this site and he found a vulnerable parameter named “date” in the POST method.

He was trying to execute other payloads, but the firewall blocked us every time we tried to execute any JavaScript there.

I suggested to him, let’s try normal HTML tags.

So, firstly, the most basic tag to test HTML injection is the “marquee” tag.

Suddenly, we saw that it was executing successfully.

Initially we thought, let’s report it as an HTML injection vulnerability, but internally we wanted to execute JavaScript.

So, like every other person on the planet, we started searching on Google.

We tried every possible payload that might help us bypass the WAF, but we had no success.

Now, I thought: my marquee tag executed successfully, so what if I try to execute JavaScript through it?

So, my final payload to execute JavaScript and bypass the firewall was:

```
<marquee onmouseover=alert(9)>click</marquee>
```

And it executed perfectly. 🤯

I was on the 7th sky, as I had bypassed a WAF for the first time 🥺.

Bypassing a firewall is a big thing for me.

Many thanks to my friend “Parth”, who suggested and found that parameter.

Without him this wouldn’t have been possible!!!
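
A defender's view of the bypass described in this post, as an added example that is not from the original author: a keyword-style filter passes the event-handler payload, while allow-list validation of the `date` parameter plus HTML output encoding neutralises it. The filter rule is constructed (the real WAF's rules are not on the page), and the date format, function names and rendered markup are assumptions.

```python
import html
import re
from datetime import datetime

# Constructed stand-in for a keyword-style filter; the real WAF's rules are unknown.
NAIVE_BLOCKLIST = re.compile(r"<\s*script|javascript:", re.IGNORECASE)

# The payload quoted in the post.
PAYLOAD = "<marquee onmouseover=alert(9)>click</marquee>"

# Assumed wire format for the "date" parameter (not stated in the post).
DATE_FORMAT = "%Y-%m-%d"


def naive_filter_allows(value: str) -> bool:
    """True when the blocklist sees nothing wrong with the value."""
    return NAIVE_BLOCKLIST.search(value) is None


def parse_date(value: str):
    """Allow-list validation: accept only a real calendar date, else None."""
    try:
        return datetime.strptime(value, DATE_FORMAT).date()
    except ValueError:
        return None


def encode_for_html(value: str) -> str:
    """Contextual output encoding for HTML text and quoted attribute values."""
    return html.escape(value, quote=True)


def render_date_field(value: str) -> str:
    """Render the field from the parsed date, never from the raw input."""
    parsed = parse_date(value)
    if parsed is None:
        return '<p class="error">Invalid date</p>'
    # Re-serialise the parsed value so only digits and hyphens reach the page.
    return f'<input name="date" value="{encode_for_html(parsed.isoformat())}">'


if __name__ == "__main__":
    print("blocklist allows payload:", naive_filter_allows(PAYLOAD))
    print("validated render:", render_date_field(PAYLOAD))
    print("encoded echo:", encode_for_html(PAYLOAD))
```

Validation and encoding are independent layers: even if a field must echo free text and cannot be validated this strictly, `encode_for_html` alone turns the tag into inert text.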
