One of the most common ways in which developers perform input validation is by blacklisting certain characters of words in information provided by users. The main drawback of this blacklisting approach is that elements that may be used in an attack are often missed because new vectors are found every day.

In this recipe, we will illustrate some methods for bypassing a weak implementation of a blacklisting validation.