Function bidi_inject 

pub fn bidi_inject(reversed_keyword: &str) -> String

Bidi override wrapper — wraps reversed_keyword between U+202E (RIGHT-TO-LEFT OVERRIDE) and U+202C (POP DIRECTIONAL FORMATTING).

The WAF scans in left-to-right byte order, so it sees tceleS. Text rendered in a BiDi-aware viewer (e.g. browser, IDE, security analyst’s dashboard) shows Select. This is the CVE-2021-42574 (Trojan Source) class.

Narrow direct bypass surface — most SQL parsers reject bare U+202E. Useful primarily for WAF log poisoning and rule-auditing tool confusion; some template engines do strip bidi chars before forwarding, in which case the reversed payload becomes live.
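
For the log-poisoning and rule-auditing case described above, a log pipeline or dashboard can compare the logical byte order with the displayed order and escape the controls before rendering. The following is an added example, not part of this crate; the names `escape_for_log`, `visual_form` and `hidden_keywords` are hypothetical, the sample input is constructed, and the reordering is a flat approximation of U+202E..U+202C spans rather than the full Unicode bidi algorithm.

```rust
// Added defender-side example; not part of the documented crate.
// Embeddings/overrides U+202A..U+202E and isolates U+2066..U+2069.
fn is_bidi_control(c: char) -> bool {
    matches!(c, '\u{202A}'..='\u{202E}' | '\u{2066}'..='\u{2069}')
}

/// Log-safe rendering: each control becomes a visible `<U+XXXX>` token.
pub fn escape_for_log(input: &str) -> String {
    input.chars().map(|c| {
        if is_bidi_control(c) { format!("<U+{:04X}>", c as u32) } else { c.to_string() }
    }).collect()
}

/// Approximate displayed text: each U+202E..U+202C span is reversed and all
/// controls are dropped. Flat spans only; this is not full UAX #9.
pub fn visual_form(input: &str) -> String {
    let mut out = String::new();
    let mut span: Option<String> = None;
    for c in input.chars() {
        if c == '\u{202E}' && span.is_none() {
            span = Some(String::new());
        } else if c == '\u{202C}' && span.is_some() {
            out.extend(span.take().unwrap().chars().rev());
        } else if is_bidi_control(c) {
            // other controls (and nested overrides) are dropped
        } else if let Some(s) = span.as_mut() {
            s.push(c);
        } else {
            out.push(c);
        }
    }
    if let Some(s) = span {
        out.extend(s.chars().rev()); // unterminated override runs to end of input
    }
    out
}

/// Keywords visible in the displayed form but absent from the logical byte order.
pub fn hidden_keywords<'a>(input: &str, keywords: &[&'a str]) -> Vec<&'a str> {
    let (raw, seen) = (input.to_lowercase(), visual_form(input).to_lowercase());
    keywords.iter().copied()
        .filter(|k| seen.contains(&k.to_lowercase()) && !raw.contains(&k.to_lowercase()))
        .collect()
}

fn main() {
    let sample = "\u{202E}tceleS\u{202C} 1"; // constructed sample
    println!("{} -> {:?}", escape_for_log(sample), hidden_keywords(sample, &["select"]));
}
```

A non-empty result from `hidden_keywords` means the analyst's view and the scanner's view of the same request disagree, which is worth alerting on regardless of whether the backend would accept the input.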