Hi there,
We looked at it from a CRS perspective.
Detection is spotty at paranoia level 1, but CRS detects all the payloads
at PL2. There is a pull request that aims to detect everything at PL1.
https://github.com/coreruleset/coreruleset/pull/3055
Best,
Christian
On Tue, Dec 13, 2022 at 09:30:21PM +0530, homesh joshi wrote:
> Hi All,
>
> Has anyone tested the new method mentioned here
> https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
>
> Has anyone successfully blocked the same with modsec?
>
> Thanks,
> Homesh