A SQL injection bypass was discovered in PortSwigger Lab's WAF using XML encoding. The tweet describes a payload crafted to bypass the WAF's filters and retrieve a password using the UNION operator. This bypass technique can be used to exploit SQL injection vulnerabilities in WAF-protected applications.
For more insights, check out the original tweet here: https://twitter.com/0xcris_prp/status/1800415288573427829
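
The gap behind this kind of bypass is that a filter matching signatures on the raw request body sees XML character references, while the application's XML parser decodes them before the value reaches the query. The following is an added example, not code from the tweet or from PortSwigger, that compares a raw-body check with one that parses the XML first. The regex signature, the function names, and the element names in the constructed sample requests are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Hypothetical deny-list signature standing in for a WAF rule.
SQLI_PATTERN = re.compile(r"\b(union|select)\b", re.IGNORECASE)

# Constructed sample request bodies (element names are illustrative).
BENIGN = "<stockCheck><productId>1</productId><storeId>1</storeId></stockCheck>"
PLAIN = ("<stockCheck><productId>1</productId>"
         "<storeId>1 UNION SELECT NULL</storeId></stockCheck>")
# Same text as PLAIN, with two letters written as XML character references.
ENCODED = ("<stockCheck><productId>1</productId>"
           "<storeId>1 &#x55;NION &#x53;ELECT NULL</storeId></stockCheck>")


def naive_waf_blocks(raw_body: str) -> bool:
    """Match the signature on the raw body, before any decoding."""
    return bool(SQLI_PATTERN.search(raw_body))


def normalizing_waf_blocks(raw_body: str) -> bool:
    """Parse the XML first so the check sees what the application will see."""
    # Reject DTDs outright: they are not needed here and enable entity tricks.
    if "<!DOCTYPE" in raw_body.upper():
        return True
    try:
        root = ET.fromstring(raw_body)
    except ET.ParseError:
        return True  # fail closed on malformed XML
    for elem in root.iter():
        # The parser has already decoded character references in these values.
        values = [elem.text or "", elem.tail or "", *elem.attrib.values()]
        if any(SQLI_PATTERN.search(v) for v in values):
            return True
    return False


if __name__ == "__main__":
    for name, body in [("benign", BENIGN), ("plain", PLAIN), ("encoded", ENCODED)]:
        print(f"{name:8} naive={naive_waf_blocks(body)!s:5} "
              f"normalized={normalizing_waf_blocks(body)}")
```

Normalizing before inspection closes this one encoding gap; parameterized queries in the application remove the injection itself.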