Learn Cyber Security

WAF Bypassing with SQL Injection HTTP Parameter Pollution & Encoding Techniques HTTP Parameter Pollution is an attack where we have the ability to override or add HTTP GET/POST parameters by injecting string delimiters. HPP can be distinguished in two categories, client-side and server-side, and the exploitation of HPP can result in the following outcomes:  •Override existing hardcoded HTTP parameters  •Modify the application behaviors   •Access and potentially exploit uncontrollable variables  • Bypass input validation checkpoints and WAF rules HTTP Parameter Pollution – HPP   WAFs, which is the topic of interest, many times perform query string parsing before applying the filters to this string. This may result in the execution of a payload that an HTTP request can carry. Some WAFs analyze only one parameter from the string of the request, most of the times the first or the last, which may result in a bypass of the WAF filters, and execution of the payload in the server.  Let’s e

Introduction to WAFs, WAF types and WAF Bypassing   As many of you may know, a Web Application Firewall is a firewall that sits in front of our web applications, and filters, analyzes and blocks all the HTTP traffic that passes through, and tries to communicate with the web server. The basic element of this security implementation is the HTTP protocol, that manages the communication of the client with the server, and the opposite. What WAFs are doing in this protocol is setting rules for the HTTP conversation. These rules secure the website from common attacks in the industry, like cross site scripting and SQL injection, but as you can understand, this is not so easy, and many times they fail.   You may have seen WAFs called reverse proxies. This is because WAFs are generally protecting the server side, and if we say that a proxy can protect the client, then a reverse proxy can protect the server. It should also be noted that HTTP is stateless, and the same happens with web application