Scientific Notation Bug Affects WAF
10/29/2021
Researchers from GoSecure found a bug in MySQL and MariaDB's SQL syntax parsers that silently drops some characters in a SQL query.
By abusing this bug, an attacker could bypass Web Application Firewalls, including Amazon's AWS WAF and ModSecurity.
- AWS and ModSecurity fixed a bug that left their WAF (Web Application Firewall) customers exposed to SQL injection attacks.
- The bug was first highlighted in 2013 by Roberto Salgado in a presentation at Black Hat titled SQLi Optimization and Obfuscation Techniques. The presentation introduced multiple Web Application Firewall bypass techniques for SQL injection, including techniques for MySQL and MariaDB.
- Support for scientific notation in databases such as MySQL and MariaDB allows bypassing Amazon's firewall protections and ModSecurity to exploit SQL injection vulnerabilities.