🛡️⚔️ WAF Bypass Arsenal

by @therceman
🐛 Bug Bounty Approved

Full-Width Unicode Symbols Cheatsheet for XSS, CRLF & WAF Bypass 🧙🏻‍♂️

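| Char | Full-Width Hex | Unicode | URL Encoded | Description |
|------|----------------|---------|-------------|-------------|
| `<` | | | | Less than symbol for XSS tags |
| `>` | | | | Greater than symbol for XSS tags |
| `"` | | | | Double quote for attribute injection |
| `'` | | | | Single quote for SQL/XSS injection |
| `(` | | | | Opening parenthesis for function calls |
| `)` | | | | Closing parenthesis for function calls |
| `;` | | | | Semicolon for command separation |
| `=` | | | | Equals sign for assignments |
| `&` | | | | Ampersand for entity references |
| `/` | | | | Forward slash for path traversal |
| `\` | | | | Backslash for escape sequences |
| `\|` | | | | Pipe for command chaining |
| `{` | | | | Opening brace for code blocks |
| `}` | | | | Closing brace for code blocks |
| `[` | | | | Opening bracket for arrays |
| `]` | | | | Closing bracket for arrays |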