Abusing JSON-Based SQL to Bypass WAF

 

Information

 

Summary: Is the WAF feature on the LoadMaster vulnerable to this threat?
Environment:

Product: LoadMaster

Version: Any

Platform: Any

Application:

Question/Problem Description:

Vulnerability question: articles are reporting that further analysis revealed that the WAF could be bypassed by abusing the JSON data sharing format. JSON syntax is supported by all major SQL engines and is enabled by default.

Steps to Reproduce:  
Error Message:  
Defect Number: LM-1954
Enhancement Number:  
Cause:  
Resolution: The LoadMaster is not vulnerable; the WAF will block these requests.
Workaround:  
Notes:

Link relating to the vulnerability:

