XSS

You know, that vulnerability class that triagers love to close as “informative” faster than you can type “but wait, there’s a chain.” I took three bugs that would each get laughed out of a triage queue – a Self-XSS nobody can reach, a Cookie Tossing that does nothing, and a predictable CSRF token with no delivery mechanism – and duct-taped them into a single-click bypass of Cloudflare Access’s Temporary Auth approval flow....

Third post about Cloudflare in a row – I promise I hack other things too. This one is about a Reflected XSS I found in Cloudflare’s AI Playground that could steal any user’s chat history and interact with their connected MCP Servers. Along the way, I had to bypass Cloudflare’s own WAF, upgrade from a 2-click exploit to a single-click one, and watch the fix get patched twice before it actually stuck....

Writing something after such a long time. While I wrote the last post with some desperation, I really wanted to elaborate on something interesting I discovered, in some clean fashion. I submitted a couple of nice escalations to Cloudflare in the past couple of months and this one talks about one of them. One fine evening after finishing work at daytime, I noticed Kenny’s post about Cloudflare’s new MCP Server Portal feature....