In a tweet, a security researcher shared a method for bypassing a Fortinet Web Application Firewall (WAF) that was blocking SQL injection (SQLi) attempts. The researcher first tried common encoding-based bypass techniques, which failed. The bypass finally succeeded when more than 1,000 characters of junk data were appended to the SQLi payload, which let the malicious input pass the WAF's filtering.
Fortinet WAF is known for filtering potentially malicious inputs to prevent SQLi attacks. However, this bypass shows that its detection can be evaded by appending a large amount of irrelevant data to the payload.
This finding is important for penetration testers and security researchers as it highlights a possible limitation or vulnerability in Fortinet's WAF detection mechanisms for SQL injection attacks. Users of Fortinet WAF should consider this risk and explore additional mitigations or rule updates to prevent such bypasses.
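A defender-side check for this pattern, added here as an example and not taken from the tweet or from Fortinet: it scans web access-log lines for query parameters longer than the 1,000-character figure in the report, then records the longest repeated-character run and whether SQL metacharacters are present. The log format, the threshold constant, the regexes and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

MAX_LEN = 1000  # assumption: mirrors the ">1,000 characters" in the report
SQL_META = re.compile(r"['\";]|--|/\*")  # coarse SQL metacharacter check
REQ = re.compile(r'"(?:GET|POST|PUT|DELETE) (\S+) HTTP/[\d.]+"')

def longest_run(s):
    """Length of the longest run of one repeated character."""
    best = cur = 0
    prev = None
    for ch in s:
        cur = cur + 1 if ch == prev else 1
        prev = ch
        best = max(best, cur)
    return best

def padded_params(log_line, max_len=MAX_LEN):
    """Return one finding per decoded query parameter longer than max_len."""
    m = REQ.search(log_line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    findings = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        if len(value) > max_len:
            findings.append({
                "param": name,
                "length": len(value),
                "longest_run": longest_run(value),  # high value suggests filler
                "sql_meta": bool(SQL_META.search(value)),
            })
    return findings

# Constructed sample lines (not from the tweet or from any real log).
PREFIX = '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET '
SUFFIX = ' HTTP/1.1" 200 512'
SAMPLE = [
    PREFIX + "/item?id=42" + SUFFIX,                          # normal request
    PREFIX + "/item?id=42%27--" + "A" * 1200 + SUFFIX,        # padded value
    PREFIX + "/search?q=" + "lorem+ipsum+" * 100 + SUFFIX,    # long, benign text
]

if __name__ == "__main__":
    for line in SAMPLE:
        for f in padded_params(line):
            print(f)
```

Access logs normally record only the request line, so parameters sent in a POST body need the same check applied where the body is visible, such as in the application or a reverse proxy.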
Check out the original tweet here: https://twitter.com/Icko_GZ/status/1999054135484989759