The tweet suggests that if a WAF is properly configured, SQL Injection is unlikely to occur, and the focus should be on bypassing the WAF. It highlights the importance of having a well-configured WAF to mitigate SQL Injection attacks. However, it does not provide a specific bypass payload or mention the vendor of the WAF. It is important to ensure all aspects of WAF configuration are secure to prevent bypass attacks.
If your WAF is correctly configured SQLi is mostly likely impossible, rather focus on “bypass” https://t.co/5uAgreVjPA
— Ajéw?lè (@SM_Ajewole) September 6, 2024