https://bhrepublicadominicana.blogspot.com/2016/02/sql-injection-bypassing-waf-web.html