Security News > 2022 > December > Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls
A new attack method can be used to circumvent web application firewalls of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information.
Web application firewalls are a key line of defense to help filter, monitor, and block HTTP(S) traffic to and from a web application, and safeguard against attacks such as cross-site forgery, cross-site-scripting, file inclusion, and SQL injection.
The generic bypass "Involves appending JSON syntax to SQL injection payloads that a WAF is unable to parse," Claroty researcher Noam Moshe said.
"Most WAFs will easily detect SQLi attacks, but prepending JSON to SQL syntax left the WAF blind to these attacks."
The industrial and IoT cybersecurity company said its technique successfully worked against WAFs from vendors like Amazon Web Services, Cloudflare, F5, Imperva, and Palo Alto Networks, all of whom have since released updates to support JSON syntax during SQL injection inspection.
The bypass mechanism devised by Claroty banks on the lack of JSON support for WAFs to craft rogue SQL injection payloads that include JSON syntax to skirt the protections.
News URL
https://thehackernews.com/2022/12/researchers-detail-new-attack-method-to.html
Related news
- Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections (source)
- SafeLine: Open-source web application firewall (WAF) (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- US names Chinese national it alleges was behind 2020 attack on Sophos firewalls (source)
- Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)