Researchers at industrial cybersecurity platform Claroty have devised a method that could be used by attackers to access sensitive business and customer information by bypassing web application firewalls (WAFs) to infiltrate systems.
The technique was used successfully against the WAFs of Amazon Web Services, Cloudflare, F5, Imperva, and Palo Alto Networks, among other vendors.
Claroty's Noam Moshe said the method "involves appending JSON syntax to SQL injection payloads that a WAF is unable to parse. Most WAFs will easily detect SQLi attacks, but prepending JSON to SQL syntax left the WAF blind to these attacks."
Vendors have responded with updates to support JSON syntax during SQL injection inspection.
Moshe added, "This is a dangerous bypass, especially as more organizations continue to migrate more business and functionality to the cloud."
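The lesson a defender should take from the bypass above is that a WAF is a compensating control that only works as long as it can parse every syntax variant the database accepts; the primary fix is to stop building SQL from user input at all. The following Python example is added here for illustration and is not code from Claroty or from any of the vendors named; it uses an in-memory SQLite table with constructed sample rows, and contrasts a string-concatenated query (which any injection technique can reach, whether or not a WAF recognizes the payload) with a parameterized query (where the input is bound as data and never parsed as SQL). The tautology used as the hostile input is the textbook one, chosen only to make the difference visible.

```python
import sqlite3


def make_db():
    # Constructed sample table; not data from the research described above.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, balance REAL)"
    )
    conn.executemany(
        "INSERT INTO customers (email, balance) VALUES (?, ?)",
        [("alice@example.com", 120.0), ("bob@example.com", 75.5)],
    )
    return conn


def lookup_vulnerable(conn, email):
    # The statement is assembled by concatenation, so a quote character in
    # `email` ends the literal and the remainder is parsed as SQL. A WAF in
    # front of this code is the only thing standing between the input and
    # the database, which is exactly the control the bypass defeats.
    sql = "SELECT email, balance FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, email):
    # The value is passed to the driver separately from the statement text.
    # The database never parses it, so no syntax trick (JSON or otherwise)
    # can turn it into SQL; the WAF becomes defense in depth, not the fix.
    sql = "SELECT email, balance FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def demo():
    # Runs both lookups against a benign and a hostile input and returns
    # the row sets so the difference can be asserted on, not just printed.
    conn = make_db()
    benign = "alice@example.com"
    hostile = "x' OR '1'='1"  # constructed textbook tautology
    return {
        "benign_vulnerable": lookup_vulnerable(conn, benign),
        "benign_parameterized": lookup_parameterized(conn, benign),
        "hostile_vulnerable": lookup_vulnerable(conn, hostile),
        "hostile_parameterized": lookup_parameterized(conn, hostile),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {len(rows)} row(s) -> {rows}")
```

Running the block shows the concatenated query returning every customer for the hostile input, while the parameterized query returns nothing because no customer has that literal string as an e-mail address. The same holds for any ORM or driver that supports bound parameters; the vendor WAF updates mentioned above are worth applying, but they close one parsing gap rather than the class of bug.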
From The Hacker News
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA