Scientific Notation bug bypasses AWS WAF protection

AWS WAF and the mod_security Apache module were affected by a scientific notation bug, discovered back in 2013, that allowed an attacker to bypass the WAF and successfully exploit a SQL injection vulnerability. Find below the payload used for the attack, showing the scientific notation: By executing the following command, it was possible to bypass the WAF SQL injection…