waf-bypass

3 articles

A detailed writeup on bypassing Akamai's Kona WAF to exploit a blind SQL injection vulnerability in a Google BigQuery backend by leveraging division-by-zero errors and the STRPOS function to extract database information without triggering WAF detection rules.

Akamai · Google BigQuery · Kona WAF · HackerOne · Duc Nguyen · Burpsuite
hackemall.live · devanshbatham/Awesome-Bugbounty-Writeups · 5 hours ago
bug-bounty

A bug bounty hunter documents two SQL injection vulnerabilities discovered in a private program, both protected by a WAF (Web Application Firewall) that blocks requests randomly. The author develops Python scripts that exploit timing and retry logic to overcome the WAF's blocking: one repeats requests when the WAF returns maintenance errors, and the other uses multiple retries to differentiate between WAF-generated and server-generated error responses.

mahmoudsec.blogspot.com · devanshbatham/Awesome-Bugbounty-Writeups · 5 hours ago

A writeup on bypassing a Web Application Firewall (WAF) to exploit a blind SQL injection vulnerability discovered during security research. The article documents the techniques used to evade WAF detection while exploiting the underlying database vulnerability.

Robin Verton · Deutsche Telekom AG
robinverton.de · devanshbatham/Awesome-Bugbounty-Writeups · 5 hours ago