Friday, 24 January 2025

Break the Wall from Bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities in Web Application Firewalls

Web Application Firewalls (WAFs) are a crucial line of defense against web-based attacks. However, an emerging threat comes from protocol-level evasion vulnerabilities, in which adversaries exploit parsing discrepancies between the WAF's HTTP parser and those of the web applications behind it to circumvent the WAF. Currently, uncovering these vulnerabilities still depends on manual, ad hoc methods.

In this talk, we propose WAF Manis, a novel testing framework to automatically discover protocol-level evasion vulnerabilities in WAFs. We evaluated WAF Manis against 14 popular WAFs, including Cloudflare and ModSecurity, and 20 popular web frameworks, including Laravel and Spring. In total, we discovered 311 protocol-level evasion cases affecting all tested WAFs and applications. Because protocol-level evasions are generic, these vulnerabilities do not hinge on specific payload patterns and can carry any malicious payload - for instance, SQL injection, XSS, or Log4jShell - to the target websites. We further analyzed these vulnerabilities and identified three primary reasons contributing to WAF evasions. We have reported the identified vulnerabilities to the affected providers and received acknowledgments and bug bounty rewards from Cloudflare WAF, Fortinet WAF, Alibaba Cloud WAF, Huawei Cloud WAF, ModSecurity, the Go Security Team, and the PHP security team.

By:
Qi Wang | Ph.D. Student, Tsinghua University
Jianjun Chen | Assistant Professor, Tsinghua University and Zhongguancun Laboratory
Run Guo | Ph.D. Candidate, Tsinghua University
Chao Zhang | Tenured Associate Professor, Tsinghua University and Zhongguancun Laboratory
Haixin Duan | Professor, Tsinghua University; Zhongguancun Laboratory; QI-ANXIN Technology Research Institute

Full Abstract and Presentation Materials: https://ift.tt/IZmMkft

source https://www.youtube.com/watch?v=RgBf7P2BkJM
