In August 2021 I was tasked with performing a Web Application security assessment for a large client. The automated scanning tool returned a possible SQL injection which, just like last time, couldn't be exploited using the said tool. The reason was Cloudflare's WAF and more specifically its SQL Injection filter.

In late 2018 I was tasked with performing a Web Application security assessment for a large client. After running the standard scans with automated tools, something interesting came up: a possible SQL injection which couldn’t be exploited using the tool. The reason: Cloudflare’s WAF and more specifically its SQL Injection filter.