The tweet reports a possible SQL injection vulnerability in a search feature, which the author could not prove further because of a WAF. The potential bypass payload for the WAF is 'union select 1,2,3'. Further analysis and testing are required to bypass the WAF and exploit the SQL injection vulnerability. It is recommended to analyze the WAF's protections and try different payloads to evade it, and to keep testing and refining the bypass technique to validate the vulnerability.
I found a possible SQL Injection vulnerability in the search feature. I confirmed it as in the following picture, but I can't prove it further because of the WAF. Can you give me some suggestions to bypass this WAF? #bugbountytips #bugbounty pic.twitter.com/r4ZwvrgDCn
— Ninja Vi (@imninjavi) August 15, 2024