This blog post explains a WAF bypass discovered on Fortinet's FortiWAF related to Blind SQL Injection (SQLi). FortiWAF is a popular web application firewall designed to protect web applications from various attacks, including SQL injection. In this case, a bypass technique was found that allows an attacker to perform Blind SQL injection attacks despite the WAF's protections.

The bypass involves crafting specific SQL payloads that are not detected or blocked by the FortiWAF rules, enabling an attacker to extract data or manipulate the backend database indirectly. Blind SQL injection is particularly dangerous because it allows data extraction even when error messages are not displayed, often by relying on time delays or boolean responses.

Understanding and mitigating such bypasses is crucial for maintaining the security of applications protected by FortiWAF. Developers and security teams should update their WAF rules, implement additional detection mechanisms, and perform thorough security assessments to prevent exploitation through such bypass techniques.
For more details, check out the original tweet here: https://twitter.com/dntverif/status/1943137045972734361
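
As one form of the "additional detection mechanisms" mentioned above, the following added example (not from the original post or the linked tweet) looks for the latency pattern of time-based blind SQL injection in requests the WAF allowed. The log format, thresholds, and function names are assumptions made for illustration, and the log lines are constructed.

```python
import statistics
from collections import defaultdict

# Constructed sample log (assumed format): client path waf_action response_seconds
SAMPLE_LOG = """\
10.0.0.5 /item allow 0.11
10.0.0.5 /item allow 0.09
10.0.0.5 /item allow 0.12
10.0.0.5 /item allow 0.10
203.0.113.9 /item allow 0.12
203.0.113.9 /item allow 5.10
203.0.113.9 /item allow 0.10
203.0.113.9 /item allow 5.08
203.0.113.9 /item allow 5.12
203.0.113.9 /item allow 0.11
10.0.0.8 /item allow 0.10
10.0.0.8 /item allow 7.90
198.51.100.4 /item block 0.01
10.0.0.7 /report allow 1.80
10.0.0.7 /report allow 4.00
10.0.0.7 /report allow 9.50
10.0.0.5 /report allow 3.10
"""

def parse(log):
    """Yield (client, path, waf_action, seconds) from each non-empty line."""
    for line in log.strip().splitlines():
        client, path, action, secs = line.split()
        yield client, path, action, float(secs)

def find_timing_oracles(log, min_delay=2.0, min_each=3, max_spread=0.5):
    """Flag (client, path) pairs whose WAF-allowed requests alternate between
    normal latency and a consistent extra delay, the pattern a time-based
    blind SQLi leaves when the WAF did not block it."""
    by_path, by_client = defaultdict(list), defaultdict(list)
    for client, path, action, secs in parse(log):
        if action == "allow":  # only traffic the WAF let through
            by_path[path].append(secs)
            by_client[(client, path)].append(secs)
    findings = []
    for (client, path), times in by_client.items():
        cutoff = statistics.median(by_path[path]) + min_delay
        slow = [t for t in times if t >= cutoff]
        fast = [t for t in times if t < cutoff]
        # Require both modes, and slow responses clustered on one delay value.
        if (len(slow) >= min_each and len(fast) >= min_each
                and statistics.pstdev(slow) <= max_spread):
            findings.append((client, path, len(slow), round(statistics.mean(slow), 2)))
    return sorted(findings)
```

The per-endpoint median keeps a genuinely slow endpoint (`/report` in the sample) from being flagged, and the spread check separates a fixed injected delay from ordinary backend jitter.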