Team82 research has found a generic bypass to industry-leading web application firewalls. This includes those used in Palo Alto Networks, Amazon Web Services, Cloudflare, F5, and Imperva. Researchers found that an SQL injection, or SQLi when launched alongside a JSON syntax, blinded most of these web application firewalls.
Since cybercriminals can use this SQLi vulnerability “to exfiltrate sensitive information,” Team82 quickly alerted the vulnerable vendors and web database administrators. They instructed them to patch their systems immediately.
SQLi remains the top security vulnerability for cloud providers and IT companies. While easy to defend against, the sheer scale and the ease with which they’re carried out make SQLi a continual threat.
Click Here to Read More: