Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Imperva SecureSphere - SQL injection filter bypass

From: piotr () duszynski eu
Date: Fri, 06 May 2011 10:48:08 +0200
=======================================================================
Imperva SecureSphere - SQL injection filter bypass
=======================================================================

Affected Software : SecureSphere Web Application Firewall (WAF)
Severity          : High
Local/Remote      : Remote
Author            : @drk1wi

[Summary]

Due to a typo in one of the rules of the sql injection engine the WAF 
can be bypassed by appending a specially crafted string.

[Vulnerability Details]

the vector: 15 and '1'=(SELECT '1' FROM dual) and '0having'='0having' 
won't be classified as malicious and will bypass the SQL Injection 
filter.

'and '0having'='0having' is causing the bypass.

[Time-line]

8/07/2010 -  Vendor notified
10/07/2010 - Vendor response
12/08/2010 - Vendor patch release
06/05/2011 - Public disclosure (I was cleaning up my comp.)

[Fix Information]

Apply ADC Content Update from 12 - August - 2010

Cheers,
@drk1wi

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: