It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-5)

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup (ECHOplatform)

MSP Knowledge Base

Site Security Scanner

MSP – Partner Enablement

NextGen Firewall X

Server Backup (Yosemite)

Campus Help Center / Reference

Network Security

Support Services

Barracuda WAF-as-a-Service

Overview Documentation Training Certification Materials

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup (ECHOplatform)

MSP Knowledge Base

Site Security Scanner

MSP – Partner Enablement

NextGen Firewall X

Server Backup (Yosemite)

Campus Help Center / Reference

Network Security

Support Services

Login Sign Up Contact & Support

United States – English (GMT-5)

Claroty JSON SQLi Vulnerabilities

Last updated on 2022-12-20 00:43:13

This article provides an update on the recently discovered JSON-based SQL Injection Vulnerability by Team82.

The Claroty T82 research team released a blog last week demonstrating a newly identified SQL injection in JSON-based SQL and how it bypasses many name-brand WAF vendors.

Exploit

The attack technique involves appending JSON syntax to SQL injection payloads. The attack affects only web applications using JSON.

Barracuda WAFaaS Mitigation

The Barracuda WAF-as-a-Service protect against this attack with an update in the existing SQL injection category of the Smart Signatures.

The default SQL injection medium and strict checks do not detect this variant, which employs JSON syntax. The new signature detects all identified variants of the JSON syntax-based attacks.

Barracuda Networks has pushed the new signature through Attack Definition Update version 1.222. The Release Notes is updated to reflect the changelog.

Related Articles: