AWS WAF is also vulnerable! The generic bypass “involves appending JSON syntax to SQL injection payloads that a WAF is unable to parse,” “Most WAFs will easily detect SQLi attacks, but prepending JSON to SQL syntax left the WAF blind to these attacks.” https://t.co/IrbZEoLbFY