This bypass report concerns a critical vulnerability reported in Aikido Security's WAF product, version 1.8.22, running with the parameter AIKIDO_BLOCK=true. According to the report, an attacker can completely bypass the WAF protection with a specially crafted HTTP GET request path, even though POST requests are protected. The bypass enables a full SQL injection (SQLi) attack through the GET request path, which the reporter says can lead to an attacker taking over the administrator account (Admin Account Takeover, ATO). The bug was reported to Aikido Security over 80 days ago through the Intigriti platform but was marked invalid and closed without a fix. The tweet calls for the report, reference AIKIDO-RE3H38UN, to be reopened for further investigation. It stresses the critical nature of the bypass and the risk it carries, namely full admin control via SQLi, and notes that parts of the exploit details remain redacted to prevent misuse.
For more insights, check out the original tweet here: https://twitter.com/RoshanS7704/status/2041891392059007094