The tweet from @spaceraccoonsec discusses a SQL injection vulnerability in the /api/device/getDeviceInfo endpoint. The bypass payload used to exploit this vulnerability is { "serialnumber": "'or
@@version
limit 1
offset 100#" }. This payload leverages the @@version token and newlines to bypass the cloud WAF.

This bypass technique is notable because it relies on the boolean value of @@version to make the newline bypass work. It shows how WAF protection mechanisms can be evaded, potentially allowing malicious SQL queries to execute.

This vulnerability should be addressed promptly to prevent potential data breaches and keep the system secure.
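
One way to address it in the application itself rather than at the WAF, shown as an added example (not code from the tweet or from the affected product): validate the serial number strictly and pass it to the database as a bound parameter. Python's sqlite3 stands in for the real backend, and the table, the serial format and the handler name are assumptions.

```python
import json
import re
import sqlite3

# Payload quoted on this page; the newlines are part of the value.
PAGE_PAYLOAD = {"serialnumber": "'or\n@@version\nlimit 1\noffset 100#"}
PAGE_BODY = json.dumps(PAGE_PAYLOAD)
# Assumed serial format for illustration; adjust to the real device scheme.
SERIAL_RE = re.compile(r"[A-Z0-9-]{6,32}")


def make_db():
    """Constructed in-memory table standing in for the device store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (serial TEXT PRIMARY KEY, model TEXT)")
    conn.executemany(
        "INSERT INTO devices VALUES (?, ?)",
        [("SN-000123", "cam-a"), ("SN-000456", "cam-b")],
    )
    return conn


def lookup_bound(conn, serial):
    """Bind the value as a parameter: it is compared as data, never parsed as SQL."""
    return conn.execute(
        "SELECT serial, model FROM devices WHERE serial = ?", (serial,)
    ).fetchone()


def get_device_info(conn, raw_body):
    """Hypothetical handler: strict type and format check, then a bound query."""
    body = json.loads(raw_body)
    serial = body.get("serialnumber") if isinstance(body, dict) else None
    # fullmatch, not match with '$': '$' would accept a trailing newline.
    if not isinstance(serial, str) or not SERIAL_RE.fullmatch(serial):
        return 400, None
    row = lookup_bound(conn, serial)
    return (200, row) if row else (404, None)


if __name__ == "__main__":
    db = make_db()
    print(get_device_info(db, '{"serialnumber": "SN-000123"}'))
    print(get_device_info(db, PAGE_BODY))
    print(lookup_bound(db, PAGE_PAYLOAD["serialnumber"]))
```

With the value bound, the payload is only ever compared against stored serials, so the fix does not depend on how any WAF parses newlines.
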
For more insights, see the original tweet: https://twitter.com/ctbbpodcast/status/1913631266408181774.