Scientific Notation Bug Affects WAF
10/29/2021

Researchers from GoSecure found a bug in MySQL and MariaDB's SQL syntax parsers that silently drops some characters in a SQL query.

By abusing this bug, an attacker could bypass Web Application Firewalls, including Amazon's AWS WAF and ModSecurity.

  • AWS and ModSecurity fixed a bug affecting their WAF (Web Application Firewall) customers' protection against SQL injection attacks.
  • The bug was first highlighted in 2013 by Roberto Salgado in a presentation at BlackHat titled SQLi Optimization and Obfuscation Techniques. The presentation introduces multiple Web Application Firewall bypass techniques for SQL injections. It included techniques for MySQL and MariaDB.
  • Support for scientific notation in databases such as MySQL and MariaDB allows an attacker to bypass the Amazon firewall protections and ModSecurity when exploiting SQL injection vulnerabilities.
