Changes between Initial Version and Version 1 of Ticket #33212, comment 5
Timestamp: Oct 21, 2021, 7:32:41 PM (3 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
Ticket #33212, comment 5
Columns: initial line number | v1 line number | status: text (lines 12-14 are not shown in the diff)

5 | 5 | Unmodified: > As far as I'm aware you will first need to convince users to use such a browser.
6 | 6 | Unmodified: (blank)
7 | 7 | Modified:
    initial: One common vulnerability from parsing mismatch is a WAF bypass. If the WAF & application have a parsing mismatch, you can trick the WAF into allowing requests through. See the 'Messing around with a WAF parser' section for an example https://blog.isec.pl/waf-evasion-techniques/
    v1: One common vulnerability from parsing mismatch is a WAF bypass. If the WAF & application have a parsing mismatch, you can trick the WAF into allowing requests through. See the 'Messing around with a WAF parser' section of this article for an example https://blog.isec.pl/waf-evasion-techniques/
8 | 8 | Unmodified: (blank)
9 | 9 | Modified:
    initial: Typically this is because WAF S have bad parsers, but the vulnerability works either way. This would be typicallyused for sql injection and would not require any user interaction.
    v1: Typically this is because WAFs have bad parsers, but the vulnerability works either way. This is often used for sql injection and would not require any user interaction.
10 | 10 | Unmodified: (blank)
11 | 11 | Unmodified: Take this theoretical cookie:
… | … | (lines not shown)
15 | 15 | Unmodified: (blank)
16 | 16 | Unmodified: A python based WAF would see the user_id as a non malicious integer, while Django would have the value ";' DROP TABLE important_data" ready to be injected.
17 | - | Removed: This attack would require 0 user interaction.
- | 17 | Added: (blank)
- | 18 | Added: No interaction from the user, just a carefully crafted request from an attacker.
18 | 19 | Unmodified: (blank)
19 | 20 | Unmodified: Thankfully in Django, this attack would require custom authentication that was vulnerable to sql injection, since the ORM protects us.