WAF cyber security
5/13/2023

Later findings revealed that the WAF could be bypassed by abusing the JSON data-sharing format. All of the significant SQL engines support JSON syntax and it is turned on by default.

“Using JSON syntax, it is possible to craft new SQLi payloads. These payloads, since they are not commonly known, could be used to fly under the radar and bypass many security tools,” Claroty reports.

“IoT and OT processes that are monitored and managed from the cloud may also be impacted by this issue, and organizations should ensure they’re running updated versions of security tools in order to block these bypass attempts.”

CVE-2022-1361 Improper Neutralization of Special Elements Used in a SQL Command (‘SQL Injection’)

Further, a specific Cambium vulnerability the researchers uncovered proved more challenging to exploit (CVE-2022-1361). Moshe says, “at the core of the vulnerability is a simple SQL injection vulnerability; however, the actual exploitation process required us to think outside the box and create a whole new SQL technique”.
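As an added example (not from the article or from Claroty), here is a small Python heuristic a defender could run over request parameters to flag JSON SQL functions and operators that appear in a SQL context, the syntax the article says many security tools overlook. The patterns, function names and sample parameters are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# JSON functions of common SQL engines, e.g. json_extract, jsonb_build_object,
# to_jsonb, ISJSON, OPENJSON. Matched only when used as a call: name(
JSON_FUNC = re.compile(r"\b(jsonb?_[a-z_]+|to_jsonb?|isjson|openjson)\s*\(", re.I)
# A ::json/::jsonb cast, or a JSON operator placed directly after a quoted or
# bracketed literal (so prose such as "a -> b" does not match).
JSON_OP = re.compile(r"::jsonb?\b|['\"}\]]\s*(?:@>|<@|#>>?|->>?)", re.I)
# SQL keywords that give the JSON token a query context.
SQL_CONTEXT = re.compile(r"\b(?:or|and|union|select|where|having)\b", re.I)


def json_sqli_indicators(raw_value):
    """Return indicator names for one request parameter value."""
    value = unquote_plus(raw_value)  # inspect the decoded form, as the app would
    if not SQL_CONTEXT.search(value):
        return []
    found = []
    if JSON_FUNC.search(value):
        found.append("json_function")
    if JSON_OP.search(value):
        found.append("json_operator")
    return found


def scan_request(params):
    """Map parameter name -> indicators, keeping only flagged parameters."""
    hits = {name: json_sqli_indicators(v) for name, v in params.items()}
    return {name: ind for name, ind in hits.items() if ind}


# Constructed sample request parameters (not taken from the article).
SAMPLE = {
    "user": "alice",
    "prefs": '{"theme": "dark", "size": 2}',   # ordinary JSON data, not SQL
    "note": "rock and roll -> jazz",            # prose with an arrow
    "id": "7%20OR%20JSON_LENGTH(%27%7B%7D%27)%3E0",
    "tag": "x' and data::jsonb @> '{}'",
}

if __name__ == "__main__":
    for name, indicators in scan_request(SAMPLE).items():
        print(name, indicators)
```

A match is a signal for review or logging alongside the WAF, not a replacement for updated rule sets or parameterized queries in the application.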