Someone found a way past WAF for sql injection using JSON. https://t.co/lJP5wmYNc7