Back to directory
WRITEUP #3315

A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection

SQL InjectionWAF bypass
byMarc Olivier Bergeron
Program
AWS
Published
Oct 19, 2021
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://www.gosecure.net/blog/2021/10/19/a-scientific-notation-bug-in-mysql-left-aws-waf-clients-vulnerable-to-sql-injection/
RELATED WRITEUPS
Directory Traversal, SQL Injection and Server-Side Request Forgery
SQL InjectionPath traversal
Breaking Down Barriers: Exploiting Pre-Auth SQL Injection In WhatsUp Gold - CVE-2024-6670
SQL InjectionReverse engineering
Bypassing airport security via SQL injection
SQL Injection
World of SELECT-only PostgreSQL Injections: (Ab)using the filesystem
SQL Injection
Listen to the whispers: web timing attacks that actually work
SSRFTiming attack

Built with ❤️ by Shubham Rawat