Whitehat hacker bypasses SQL injection filter for Cloudflare

Cloudflare is one of the top web security companies out there, with a sizeable clientele that requires it to take its security practices very seriously, which it does. However, regardless of this, there are times when vulnerabilities are found by external actors and brought to its notice.
An example of one such case surfaced recently when cybersecurity researcher George Skouroupathis uncovered a flaw in the SQL injection protection mechanism of its Web Application Firewall (WAF).
The experimenting started when George was working on a client’s site which used MySQL as its database. As the work required, he tested for SQL injections at random by making requests to a specific webpage. This is when he discovered an interesting scenario that became the building block for his vulnerability discovery.
That is, when he made a query to select a particular variable from a data entity if it matched a certain condition, the server returned a 200 OK status if the condition was met and a 500 Internal Server Error if it was not. Moving forward, the researcher states in their blog post that:
As a consequence, the content of the application’s database could be accessed this way by an attacker, placing user data at risk. Moreover, the researcher even managed to write a Python script that would automate the entire attack.
This was subsequently reported to Cloudflare, which fixed it in a few days. Although no monetary compensation was awarded, George did get a t-shirt and, apparently, his name in the security provider’s Hall of Fame.
To conclude, there are a number of ways that SQL injections can be executed. It is important that cybersecurity defenders thoroughly evaluate these to make sure that their web applications are not vulnerable to them.
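The 200 OK versus 500 Internal Server Error behaviour described above leaves a recognisable trace in access logs: one client requesting one path with changing parameters while the response status keeps flipping between 200 and 500. The following is an added example, not code from the researcher or from Cloudflare, that flags that pattern. The log format, thresholds, function names and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed format: common/combined access log (ip, ident, user, [time], "request", status, size).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_status_oracles(lines, min_requests=20, min_flips=6):
    """Return {(ip, path): stats} for clients whose requests to one path keep
    alternating between 200 and 500 while the query string changes."""
    seen = defaultdict(lambda: {"statuses": [], "queries": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m["target"])
        entry = seen[(m["ip"], url.path)]
        entry["statuses"].append(int(m["status"]))
        entry["queries"].add(url.query)
    findings = {}
    for key, entry in seen.items():
        st = [s for s in entry["statuses"] if s in (200, 500)]
        # A flip is a 200 followed by a 500 or the reverse, in request order.
        flips = sum(1 for a, b in zip(st, st[1:]) if a != b)
        varied = len(entry["queries"]) >= min_requests // 2
        if len(st) >= min_requests and flips >= min_flips and varied:
            findings[key] = {"requests": len(st), "flips": flips, "errors": st.count(500)}
    return findings

def constructed_sample():
    """Constructed log lines: one probing client and one ordinary visitor."""
    fmt = '{ip} - - [01/Jan/2024:10:00:{s:02d} +0000] "GET {t} HTTP/1.1" {c} 512'
    lines = []
    for i in range(24):  # probing client: status depends on a tested condition
        code = 200 if i % 3 == 0 else 500
        lines.append(fmt.format(ip="203.0.113.7", s=i, t=f"/item?id=probe{i:02d}", c=code))
    for i in range(24):  # ordinary visitor: varied queries, always 200
        lines.append(fmt.format(ip="198.51.100.4", s=i, t=f"/item?id={i}", c=200))
    return lines

if __name__ == "__main__":
    for (ip, path), stats in find_status_oracles(constructed_sample()).items():
        print(ip, path, stats)
```

The thresholds need tuning against an application's normal error rate, since a genuinely broken endpoint also produces runs of 500 responses, though usually without the steady alternation.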
As a parting note, we leave you with a few words of advice from the researcher himself:
It is my opinion that if developers take good care to apply security measures on their applications, WAFs are most of the time unnecessary. All you need to do is sanitize the users’ input properly.