🟠Bypassing an internal WAF through null byte injection
Tried to inject null byte between each mysql keyword to confuse their WAF and it worked then after getting the db names i injected the following payload to get all the tables in the admin database.
| Url | Type | Bounty |
|---|---|---|
| https://hackerone.com/reports/2051931 | Blind SQL Injection | - |