The tweet suggests attempting a bypass by adding whitespace or hidden characters to the payload {{, {? in order to potentially bypass a WAF that is only filtering these specific characters. Depending on the backend, encoding the payload differently could also be an option for bypassing the WAF. It is important to understand the filtering mechanism and backend logic to effectively bypass the WAF in this scenario.
Check out the original tweet here: https://twitter.com/fuserdd/status/1769436966670528580
Subscribe for the latest news: