This tweet shares a set of SQL injection (SQLi) write-ups by Ahmed Sultan, which include techniques such as Blind boolean-based injection, WAF bypass combined with error-based SQLi for extracting admin passwords, and UNION-based SQLi. The content highlights different methods to exploit SQLi vulnerabilities despite WAF protections. The WAF bypass indicates that the WAF was circumvented to perform error-based SQL injection to extract sensitive information like administrator passwords. Although the specific WAF vendor is not mentioned, the examples demonstrate practical SQLi exploitation techniques against web applications protected by WAFs, showing that attackers can still find ways to bypass these defenses. These write-ups can be educational for security researchers and penetration testers to understand advanced SQLi techniques and improve WAF rules.
For more insights, check out the original tweet here: https://twitter.com/Youssef0x01/status/1938515802556133869. And don’t forget to follow @Youssef0x01 for more exciting updates in the world of cybersecurity.