The tweet describes a SQL injection vulnerability in the 'id' parameter, reachable through time-based blind and UNION query techniques. The user suggests running SQLMap with specific parameters for exploitation. For bypassing the WAF, the user mentions tampering with the payload. More information is needed to determine the specific WAF evasion technique.
this params id attack time based blind and union query. this sqlmap --level=5 --risk=3. and how to bypass waf? using tamper or just from payload?
— alec (@dntverif) August 22, 2024