Monday, October 25, 2021

Bypassing ModSecurity WAF

Being able to bypass a Web Application Firewall (WAF) depends on how well you understand its behavior. Here is a cool technique that involves expressions that are ignored by the MySQL SQL parser (MySQL <= 5.7). This post summarizes the impact on libinjection, the SQL injection detection library used by WAFs such as ModSecurity and Signal Sciences. For details on the impact on AWS CloudFront, read the original GoSecure article.