An attacker intentionally introduces leading characters that enable
						getting the input past the filters. The API that is being targetted, ignores
						the leading "ghost" characters, and therefore processes the attacker's
						input. This occurs when the targetted API will accept input data in several
						syntactic forms and interpret it in the equivalent semantic way, while the
						filter does not take into account the full spectrum of the syntactic forms
						acceptable to the targetted API.