Hackers are using a new method to bypass WAFs

Team82 disclosed a new attack technique, the first generic bypass for multiple web application firewalls.


Erdem Yasar
December 12, 2022
2 min read
  • Team82’s bypass worked against WAFs sold by five leading vendors: Palo Alto Networks, Amazon Web Services, Cloudflare, F5, and Imperva.
  • Attackers using this technique would be able to bypass the WAF’s protection and use additional vulnerabilities to exfiltrate data.
  • The attack technique involves appending JSON syntax to SQL injection payloads that a WAF is unable to parse.

Team82 announced that it has developed a generic bypass of industry-leading web application firewalls. It works on Palo Alto, F5, Amazon Web Services, Cloudflare, and Imperva WAFs. The vendors acknowledged the disclosure and released fixes to add support for JSON syntax to SQL inspection processes. The method relies on understanding how WAFs identify and flag SQL syntax as malicious, and then finding SQL syntax the WAF is blind to.

Appending JSON syntax to SQL injection

The team started this journey while researching Cambium Networks’ wireless device management platform, including its cnMaestro wireless network manager. The team downloaded an Open Virtualization Format virtual machine of cnMaestro’s on-premises deployment from Cambium’s website. cnMaestro includes many different NodeJS backend services, each handling users’ requests to specific routes; Nginx proxies each request to the correct service based on the requested URL. cnMaestro offers two different deployment types:

  1. On-Premise Deployment: A dedicated cnMaestro server is created that is hosted and managed by the user.
  2. Cloud Deployment: A cnMaestro server hosted on Cambium Networks’ cloud infrastructure; all such instances of cnMaestro are hosted on Amazon AWS’ cloud under Cambium’s organization in a multi-tenant architecture.

cnMaestro cloud deployments on AWS include a main cnMaestro instance that handles logins and device deployment and stores most of the platform’s data in the main database. Users who register to the application are given a personal AWS instance with a personal URL and an organizational identifier. The team discovered seven different vulnerabilities in Cambium cnMaestro. One of them allowed the team to discover and develop this technique.

The team stated that popular WAFs didn’t support JSON syntax in their SQL injection inspection process. This allowed the team to prepend JSON syntax to a SQL statement, blinding the WAF to the malicious code. Claroty said:

« Team82’s novel attack technique effectively bypasses the ability of a web application firewall to adequately detect SQL injection attacks. We did so through a complex journey that began with unrelated research that was being thwarted by a web application firewall, setting off a chain of events leading to our generic WAF bypass.

Team82 disclosed its findings to five of the leading WAF vendors, all of which have added JSON syntax support to their products. We believe that other vendors’ products may be affected, and that reviews for JSON support should be carried out. Below are Amazon’s and F5’s acknowledgements and fixes, for example. »
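As an added illustration of the inspection gap described above (constructed for this article; it is not Team82’s research code or any vendor’s rule set), the toy Python check below runs a legacy signature list that recognises only classic SQL syntax beside one extended with JSON operators and functions, over constructed sample request parameters.

```python
import re

# Toy WAF signature check, constructed for this example (not Team82's or any
# vendor's rules). LEGACY_RULES model a WAF that knows only classic SQL
# syntax; JSON_RULES model the JSON-syntax support vendors added after the
# disclosure. Patterns are illustrative, not exhaustive.
LEGACY_RULES = [
    r"\bunion\b.+\bselect\b",                 # UNION-based injection
    r"\b(or|and)\b\s+(\d+|'[^']*')\s*=",      # tautology with a literal operand
    r"\bsleep\s*\(",                          # time-based probing
    r"\binformation_schema\b",
]
JSON_RULES = [
    r"->>?\s*['\"$]",                         # JSON path access (MySQL/PostgreSQL)
    r"@>|<@",                                 # PostgreSQL JSON containment operators
    r"::\s*jsonb?\b",                         # PostgreSQL JSON casts
    r"\bjson_(extract|array|object|contains)\s*\(",
]


def flagged_by(payload, rules):
    """Return the first rule that matches the (lower-cased) payload, or None."""
    text = payload.lower()
    for rule in rules:
        if re.search(rule, text):
            return rule
    return None


def inspect(payload, json_aware):
    """True if the WAF model would block this parameter value."""
    rules = LEGACY_RULES + (JSON_RULES if json_aware else [])
    return flagged_by(payload, rules) is not None


# Constructed sample parameters (not real traffic). The JSON-bearing ones use
# a JSON expression instead of a plain literal, which is what the legacy
# rules key on.
SAMPLES = {
    "benign": "id=42",
    "classic": "id=42 OR 1=1",
    "json_cast": "id=42 AND '{\"a\":1}'::jsonb @> '{\"a\":1}'",
    "json_func": "id=42 AND JSON_EXTRACT('{\"a\":1}', '$.a') = 1",
}


def gap_report(samples=SAMPLES):
    """Map each sample name to (legacy_flagged, json_aware_flagged)."""
    return {name: (inspect(p, False), inspect(p, True)) for name, p in samples.items()}


if __name__ == "__main__":
    for name, (legacy, updated) in gap_report().items():
        print(f"{name:10s} legacy={legacy!s:5s} json_aware={updated}")
```

A WAF remains a compensating control; parameterized queries in the application are the primary defence regardless of which syntax the WAF can parse.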

Erdem Yasar

Erdem Yasar is a news editor at Cloud7 News. Erdem started his career by writing video game reviews in 2007 for PC World magazine while he was studying computer engineering. In the following years, he focused on software development with various programming languages. After his graduation, he continued to work as an editor for several major tech-related websites and magazines. During the 2010s, Erdem Yasar shifted his focus to cloud computing, hosting, and data centers as they were becoming more popular topics in the tech industry. Erdem Yasar also worked with various industry-leading tech companies as a content creator by writing blog posts and other articles. Prior to his role at Cloud7 News, Erdem was the managing editor of T3 Magazine.