Trick to bypass waf, so I found a param it was vuln to SQLi but CF was also there, then I tried to exploit the same param on app and it did work there. CF was configured on https://t.co/Su0CYbtEYB but not properly on https://t.co/x4asXP1nGC
#bugbounty #bugbountytips #hackerone