writeups.xyz / A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection

Submitter : c2a

Date: 19 October 2021

Bounty : undisclosed

Vulnerabilities :

• SQL Injection
• WAF Bypass

Programs :

• AWS

Authors :

• Marc Olivier Bergeron

Link :
https://www.gosecure.net/blog/2021/10/19/a-scientific-notation-bug-in-mysql-left-aws-waf-clients-vulnerable-to-sql-injection/