From XSS to MCP Takeover: Hacking Cloudflare's AI Playground
Third post about Cloudflare in a row – I promise I hack other things too. This one is about a Reflected XSS I found in Cloudflare’s AI Playground that could steal any user’s chat history and interact with their connected MCP Servers. Along the way, I had to bypass Cloudflare’s own WAF, upgrade from a 2-click exploit to a single-click one, and watch the fix get patched twice before it actually stuck....