
Communications of the ACM

ACM TechNews

New Attack Method to Bypass Popular Web Application Firewalls


Said Claroty researcher Noam Moshe, "Attackers using this novel technique could access a backend database and use additional vulnerabilities and exploits to exfiltrate information via either direct access to the server or over the cloud."


Researchers at industrial cybersecurity firm Claroty have devised a method by which attackers could bypass web application firewalls (WAFs) to infiltrate systems and access sensitive business and customer information.

The technique was used successfully against the WAFs of Amazon Web Services, Cloudflare, F5, Imperva, and Palo Alto Networks, among other vendors.

Claroty's Noam Moshe said the method "involves appending JSON syntax to SQL injection payloads that a WAF is unable to parse. Most WAFs will easily detect SQLi attacks, but prepending JSON to SQL syntax left the WAF blind to these attacks."

Vendors have since released updates so that their WAFs parse JSON syntax when inspecting requests for SQL injection.

Moshe added, "This is a dangerous bypass, especially as more organizations continue to migrate more business and functionality to the cloud."

From The Hacker News


Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA

