SQL Injection

Bypassing WAF by Playing with Parameters

In this post, I’ll explain two similar techniques that can be used to bypass Web Application Firewalls (WAF). These are HTTP Parameter Pollution (HPP) and HTTP Parameter Fragmentation (HPF).


A Not-So-Blind RCE with SQL Injection

Once again, I’m back with another story of an interesting finding. This time I’ll be explaining an SQL injection instance, but this one was a bit different.
