This bypass technique is called Zero-Width Space Injection. It evades Web Application Firewalls (WAFs) by injecting zero-width space characters into payloads. These characters are invisible and do not affect the payload's execution, but they can bypass simple pattern matching in many WAFs. Because it exploits the WAF's inability to recognize these invisible characters, this method can potentially bypass detection for multiple types of attacks, including XSS, SQLi, and others. Pentesters and security professionals can use this technique to test the robustness of WAF implementations.
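On the defensive side, a filter can normalize input before matching and treat "matches only after normalization" as an evasion signal. The sketch below is an added example, not code from the tweet or from any WAF product; the signature, function names and sample inputs are constructed for illustration.

```python
import re
import unicodedata

# Constructed signature standing in for the "simple pattern matching" described above.
SIGNATURE = re.compile(r"union\s+select", re.IGNORECASE)

def invisible_chars(value):
    """List (index, code point, name) for each Unicode format (Cf) character.
    U+200B ZERO WIDTH SPACE, U+200C, U+200D, U+2060 and U+FEFF are all Cf."""
    return [(i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED"))
            for i, ch in enumerate(value)
            if unicodedata.category(ch) == "Cf"]

def normalize(value):
    """Canonical form used for matching only: NFKC-fold, then drop Cf characters.
    The original value is not rewritten, since ZWJ/ZWNJ are legitimate in some scripts."""
    folded = unicodedata.normalize("NFKC", value)
    return "".join(ch for ch in folded if unicodedata.category(ch) != "Cf")

def inspect(value):
    """Evaluate one request parameter against the raw and the normalized form."""
    raw_hit = bool(SIGNATURE.search(value))
    norm_hit = bool(SIGNATURE.search(normalize(value)))
    return {
        "raw_match": raw_hit,
        "normalized_match": norm_hit,
        "invisible": invisible_chars(value),
        # A signature that matches only after normalization points to deliberate evasion.
        "evasion_suspected": norm_hit and not raw_hit,
        "block": norm_hit,
    }

# Constructed sample inputs (not taken from the page or the tweet).
SAMPLES = {
    "plain": "id=1 union select 1",
    "zwsp": "id=1 un\u200bion sel\u200bect 1",
    "benign": "q=student union hours",
    "benign_zwj": "name=a\u200db",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, inspect(value))
```

Logging the `invisible` list alongside `evasion_suspected` gives analysts the exact code points and offsets to search for in other requests.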
Check out the original tweet here: https://twitter.com/UndercodeUpdate/status/1962644526838780196