| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2066e3ea108c03006f351ec95d3d4371@duszynski.eu> Date: Fri, 06 May 2011 10:48:08 +0200 From: piotr@...zynski.eu To: <full-disclosure@...ts.grok.org.uk> Subject: Imperva SecureSphere - SQL injection filter bypass ======================================================================= Imperva SecureSphere - SQL injection filter bypass ======================================================================= Affected Software : SecureSphere Web Application Firewall (WAF) Severity : High Local/Remote : Remote Author : @drk1wi [Summary] Due to a typo in one of the rules of the sql injection engine the WAF can be bypassed by appending a specially crafted string. [Vulnerability Details] the vector: 15 and '1'=(SELECT '1' FROM dual) and '0having'='0having' won't be classified as malicious and will bypass the SQL Injection filter. 'and '0having'='0having' is causing the bypass. [Time-line] 8/07/2010 - Vendor notified 10/07/2010 - Vendor response 12/08/2010 - Vendor patch release 06/05/2011 - Public disclosure (I was cleaning up my comp.) [Fix Information] Apply ADC Content Update from 12 - August - 2010 Cheers, @drk1wi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists