The new attack method can be used to bypass web application firewalls (WAFs) from various vendors and penetrate systems, which can allow attackers to access important business and client information.
The web application firewalls are bypassed by adding JSON syntax to the payload of an SQL injection.
“Most WAF systems easily find SQLi attacks; however, adding JSON ‘blinds’ the firewalls,” says Noam Moshe, a researcher from Claroty.
According to experts from Claroty, their method works well against WAFs from Amazon Web Services (AWS), Cloudflare, F5, Imperva and Palo Alto Networks. It is worth noting that all of these vendors closed this loophole in their latest updates.