Back to directory
WRITEUP #1830

{JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF

SQL InjectionWAF bypass
byNoam Moshe
Program
Palo Alto NetworksAWSCloudflareF5Imperva
Published
Dec 8, 2022
Added to HackDex
Dec 9, 2022
Read Full Writeuphttps://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
RELATED WRITEUPS
Directory Traversal, SQL Injection and Server-Side Request Forgery
SQL InjectionPath traversal
Breaking Down Barriers: Exploiting Pre-Auth SQL Injection In WhatsUp Gold - CVE-2024-6670
SQL InjectionReverse engineering
Bypassing airport security via SQL injection
SQL Injection
World of SELECT-only PostgreSQL Injections: (Ab)using the filesystem
SQL Injection
Listen to the whispers: web timing attacks that actually work
SSRFTiming attack

Built with ❤️ by Shubham Rawat