diff --git a/pentesting-web/sql-injection/mysql-injection/README.md b/pentesting-web/sql-injection/mysql-injection/README.md index 96fd31c6b..848c14da7 100644 --- a/pentesting-web/sql-injection/mysql-injection/README.md +++ b/pentesting-web/sql-injection/mysql-injection/README.md @@ -137,6 +137,16 @@ UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,data,0x7C)+fRoM+... ## WAF bypass tricks +### Executing queries through Prepared Statements + +When stacked queries are allowed, it might be possible to bypass WAFs by assigning to a variable the hex representation of the query you want to execute (by using SET), and then use the PREPARE and EXECUTE MySQL statements to ultimately execute the query. Something like this: + +``` +0); SET @query = 0x53454c45435420534c454550283129; PREPARE stmt FROM @query; EXECUTE stmt; # +``` + +For more information please refer to [this blog post](https://karmainsecurity.com/impresscms-from-unauthenticated-sqli-to-rce). + ### Information\_schema alternatives Remember that in "modern" versions of **MySQL** you can substitute _**information\_schema.tables**_ for _**mysql.innodb\_table\_stats**_ or for _**sys.x$schema\_flattened\_keys**_ or for **sys.schema\_table\_statistics**
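Review bot: the hex literal in the new example is never explained, so readers cannot tell what the payload actually does; `0x53454c45435420534c454550283129` decodes to `SELECT SLEEP(1)`, and the section should say so (and that the `#` at the end comments out the remainder of the original query), since the whole point of the technique is that the WAF sees only a hex string while the server executes the decoded statement. Two smaller points in the same hunk: the sentence "by assigning to a variable the hex representation ... (by using SET), and then use the PREPARE and EXECUTE MySQL statements" should read "... and then using the PREPARE and EXECUTE MySQL statements" to keep the parallelism, and the new fenced block should carry a `sql` language tag so the rendered page highlights it like the other query examples in this README.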