writeups.xyz / AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice

Submitter : c2a

Date: 21 June 2023

Bounty : undisclosed

Vulnerabilities :

• SQL Injection
• WAF Bypass

Programs :

• Microsoft
• AWS

Authors :

• Marc Olivier Bergeron

Link :
https://www.gosecure.net/blog/2023/06/21/aws-waf-clients-left-vulnerable-to-sql-injection-due-to-unorthodox-mssql-design-choice/