Source |
CSO |
Identifiant |
8289305 |
Date de publication |
2022-12-08 12:26:00 (vue: 2022-12-08 21:06:07) |
Titre |
JSON-based SQL injection attacks trigger need to update web application firewalls |
Texte |
Security researchers have developed a generic technique for SQL injection that bypasses multiple web application firewalls (WAFs). At the core of the issue was WAF vendors failing to add support for JSON inside SQL statements, allowing potential attackers to easily hide their malicious payloads.The bypass technique, discovered by researchers from Claroty's Team82, was confirmed to work against WAFs from Palo Alto Networks, Amazon Web Services (AWS), Cloudflare, F5, and Imperva. These vendors have released patches, so customers should update their WAF deployments. However, the technique might work against WAF solutions from other vendors as well, so users should ask their providers if they can detect and block such attacks.To read this article in full, please click here |
Envoyé |
Oui |
Condensat |
add against allowing alto amazon application article ask attackers attacks aws based block bypass bypasses can claroty click cloudflare confirmed core customers deployments detect developed discovered easily failing firewalls from full generic have here hide however imperva injection inside issue json malicious might multiple need networks other palo patches payloads please potential providers read released researchers security services should solutions sql statements such support team82 technique these trigger update users vendors waf wafs web well work |
Tags |
|
Stories |
|
Notes |
★★★
|
Move |
|