Web Application Firewall is a good but not perfect solution for protecting websites. It’s the defense framework made by request filtering rules, but those rules could be very simple and easily…

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

Web Application Firewalls (WAFs) can be bypassed using various techniques, especially during SQL injection attacks. This guide explores time-based SQL injection methods using tools like sqlmap and ghauri, detailing specific commands and tampering scripts to evade WAF rules. It demonstrates practical examples on intentionally vulnerable websites and discusses strategies to handle both simple and advanced WAF defenses.

SQLi WAF Bypass Techniques Part 1 — Time-Based Attacks