JSON syntax hack allowed SQL injection payloads to be smuggled past WAFs
Security researchers have developed a technique that prevents web application firewalls (WAFs) from detecting SQL injection attacks.
Several leading vendors’ WAFs failed to support JSON syntax in their SQL injection inspection process, allowing security researchers from Claroty’s Team82 to “prepend JSON syntax to a SQL statement that blinded a WAF to the malicious code”.
The hack worked against WAFs from five leading vendors: Palo Alto Networks, Amazon Web Services, Cloudflare, F5, and Imperva.
All five have updated their products to support JSON syntax in their SQL injection inspection process, clearing the way for Claroty to publish a technical blog post detailing its research.
Prior to recent security updates, attackers using the JSON-based hack would have been able to bypass the WAF’s protection in attempts to exfiltrate data or mount other potential attacks.
“Major WAF vendors lacked JSON support in their products, despite it being supported by most database engines for a decade,” Claroty notes.
“We believe that other vendors’ products may be affected, and that reviews for JSON support should be carried out.”
JSON is a standard file and data exchange format, often used to exchange data between a server and a web application.
The generic WAF bypass was uncovered by Team82 during the course of unrelated research (specifically into Cambium Networks’ wireless device management platform) that was being thwarted by a web application firewall.
IoT and OT processes that are monitored and managed from the cloud are most at risk from the issue, according to Claroty. “Organizations should ensure they’re running updated versions of security tools in order to block these bypass attempts,” it advised.
Source: portswigger.net