XSS via Chat bot — Cloudflare Bypassed😉

Goutham A S
3 min readJan 13, 2023


In this article, I will show how I was able to execute an XSS payload via a chatbot.

In the previous article, I explained a simple stored XSS in a Cloudflare-protected application.

In this article, I will show how I was able to execute XSS via a chatbot in a Cloudflare-protected web app.

Let’s get started!! 😉

This time, again, the application uses the Cloudflare WAF to protect it against common web attacks.

I started with recon, then created an account by signing up for the application and browsed its functionality.

Suddenly a chatbot popped up and asked whether I needed any help to proceed further.

I opened the chatbot, and it asked me to fill in my name and email ID to proceed further.

Then I entered the necessary information!

When it asked me to enter my name after the above step, I entered a simple HTML tag to check how the chatbot would respond.

Payload: <u>ProfessorXSS</u>

It looks like this 👇

Immediately it was rendered, and my name appeared underlined 👇

This confirms that the application is vulnerable to HTML injection.

Don’t forget to try XSS in such cases, because 90% of the time the application is definitely vulnerable to XSS if it renders HTML tags.

Then I tried to inject a simple XSS payload 👇

"><script>alert(1)</script>

Unfortunately, it didn't work!

Then I took my favorite payload and added "> in front of it to close the preceding value attribute in the HTML form.

"><img src =q onerror=prompt(8)>

The injection will look like this 👇

Then I submitted the above payload and was really surprised to see the XSS pop-up.

The payload was executed successfully 👇
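To make the bug class behind this write-up concrete from the defender's side, here is an added example that is not the author's code and not the chatbot vendor's: two tiny message renderers for a chat widget, one that concatenates the visitor's name straight into markup (including a double-quoted attribute, which is exactly what the "> prefix above is designed to break out of) and one that applies contextual HTML output encoding. The renderer templates are my own assumption about how such a widget might build its markup; the sample names are the payloads quoted in this post. One caveat worth knowing when a <script> payload stays inert while an onerror handler fires: browsers do not execute <script> elements that are inserted through innerHTML, but event handler attributes on inserted elements do run. Whether that was the reason here is not stated in the post.

```javascript
// Added example (not from the original post): the rendering bug class behind the
// write-up, shown as two small chatbot message renderers. The renderer templates
// are assumed; the sample names are the payloads quoted in the write-up.

// Constructed sample inputs: the strings the write-up submits as the "name".
const SAMPLE_NAMES = {
  benign: 'Goutham',
  htmlInjection: '<u>ProfessorXSS</u>',
  scriptTag: '"><script>alert(1)</script>',
  imgOnerror: '"><img src =q onerror=prompt(8)>',
};

// Vulnerable pattern (assumed): the visitor's name is concatenated directly into
// markup, both in a text context (the greeting) and in an attribute context (a
// hidden form field that echoes the name back). The "> prefix in the post's
// payload exists to terminate exactly this kind of double-quoted attribute.
function renderUnsafe(name) {
  return `<div class="bot-msg">Hi <b>${name}</b>, how can I help?</div>` +
         `<input type="hidden" name="visitor" value="${name}">`;
}

// Fix: contextual output encoding at render time. For HTML text and for
// double-quoted attribute values, escaping these five characters is enough;
// the browser then displays the payload as literal text and never creates an
// element or an event handler from it. This is the fix the WAF in front of the
// application cannot substitute for.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

function renderSafe(name) {
  const safe = escapeHtml(name);
  return `<div class="bot-msg">Hi <b>${safe}</b>, how can I help?</div>` +
         `<input type="hidden" name="visitor" value="${safe}">`;
}

// Rough check used below: count element-like tokens in the rendered markup.
// The template contributes a fixed number; any extra ones came from user input.
function countTags(html) {
  return (html.match(/<\/?[a-zA-Z]/g) || []).length;
}
const TEMPLATE_TAGS = countTags(renderSafe('')); // 5: div, b, /b, /div, input

// True when rendering `name` with `render` adds tags beyond the template's own.
function introducesMarkup(render, name) {
  return countTags(render(name)) > TEMPLATE_TAGS;
}

// Stand-alone run: push each sample name through both renderers.
for (const [label, name] of Object.entries(SAMPLE_NAMES)) {
  console.log(
    `${label.padEnd(14)} unsafe adds markup: ${introducesMarkup(renderUnsafe, name)}` +
    `  safe adds markup: ${introducesMarkup(renderSafe, name)}`
  );
}
```

Run it with node and every payload reports "unsafe adds markup: true" against "safe adds markup: false", while the benign name reports false for both. The point for a fix is that the escaping happens where the name is written into HTML, for each output context, rather than in a request filter that a slightly different payload walks around.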

Once the payload has executed, make sure to check which domain it executed on, because sometimes, if it executes on a third-party domain or on a domain that is not in scope, it will not be eligible for a bounty or reward.

But in my case, it executed on the expected target domain itself!

Wooowwww.

I was able to achieve stored XSS in the Cloudflare-protected application.

Which is really awesome 🤑🤑🤑🤑

Tip: You can also use XSS Hunter to showcase more impact.

I found a similar kind of XSS via a chatbot; please watch the video POC below 👇

That’s it for this write-up.

Happy Hacking 🥂🥂

Thanks for reading.

Please follow me for more writeups.
