XSS

Third post about Cloudflare in a row – I promise I hack other things too. This one is about a Reflected XSS I found in Cloudflare’s AI Playground that could steal any user’s chat history and interact with their connected MCP Servers. Along the way, I had to bypass Cloudflare’s own WAF, upgrade from a 2-click exploit to a single-click one, and watch the fix get patched twice before it actually stuck....

Writing something after such a long time. While I wrote the last post with some desperation, I really wanted to elaborate on something interesting I discovered, in some clean fashion. I submitted a couple of nice escalations to Cloudflare in the past couple of months and this one talks about one of them. One fine evening after finishing work at daytime, I noticed Kenny’s post about Cloudflare’s new MCP Server Portal feature....