SQL injection bypass by notsoshant

Date: September 6, 2020Author: wafbypass

Want to bypass WAF? Sometimes they are taken down by easiest of things. One such thing that actually worked for me was:

*Blocked*
q= … select … from …

*Working*
q= … select … <CRLF> from …

DBMS is generally forgiving enough to ignore CRLFs in SQL queries.

Subscribe for the latest news:

Web application firewalls bypasses collection and testing tools