WAFs of Several Major Vendors Bypassed With Generic Attack Method


A general technique for getting beyond the web application firewalls (WAFs) of numerous major vendors has been discovered by Claroty, a cybersecurity company for the industrial and Internet of Things. Further investigation indicated that the JSON data sharing standard might be abused to get around the WAF.

Following a review of the wireless device management platform from Cambium Networks, Claroty’s researchers identified the technique. They found a SQL injection flaw that might allow unauthorised access to private data such session cookies, tokens, SSH keys, and password hashes.

Read More…