Barracuda Web Application Firewall

Claroty JSON SQLi Vulnerabilities


This article provides an update on the recently discovered JSON-based SQL Injection Vulnerability by Team82.

The Claroty T82 research team released a blog last week demonstrating a newly identified SQL injection in JSON-based SQL and how it bypasses many name-brand WAF vendors.

Exploit

The attack technique involves appending JSON syntax to SQL injection payloads. The attack affects only web applications using JSON.

Barracuda Web Application Firewall Mitigation

The Barracuda Web Application Firewall (WAF) protects against this attack with an update to the existing SQL injection category of the Smart Signatures.

The default SQL injection medium and strict checks do not detect this variant, which employs JSON syntax. The new signature detects all identified variants of the JSON syntax-based attacks.

Barracuda Networks has pushed the new signature through Attack Definition Update version 1.222. The Release Notes have been updated to reflect the changelog.

The Attack Definitions are available only as part of the Energize Updates subscription.

Action Required

  1. Set Automatic Updates to ON for the WAF devices to receive the latest Attack Definition version 1.222.
  2. Set the Operating Mode for the new attack pattern "sql-tautology-conditions-json-bypass-string" to Active in the ADVANCED > View Internal Patterns > Attack Types > sql-injection-medium group.

    [Screenshots: View Internal Patterns; Attack Types; Attack Pattern]

This pattern group category is a default setting for all existing profiles (URL and Parameter protections). It is advised to watch out for false positives from this pattern and to contact Barracuda Networks Technical Support as required.
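One way to triage the false-positive risk mentioned above, as an added example that is not Barracuda's code: it groups hits on the new pattern by URL and parameter and separates locations hit by many distinct clients (likely legitimate JSON traffic tripping the signature) from single-client probing. The log line layout and field names are assumptions, and the sample events are constructed.

```python
"""Triage helper for hits on 'sql-tautology-conditions-json-bypass-string'.

Added example, not Barracuda code. The log layout is an assumption:
one event per line, space-separated key=value fields.
"""
import re
from collections import defaultdict

PATTERN = "sql-tautology-conditions-json-bypass-string"

# Constructed sample events (not real traffic); field names are assumed.
SAMPLE_LOG = """\
attack=sql-tautology-conditions-json-bypass-string url=/api/search param=filter client=203.0.113.10
attack=sql-tautology-conditions-json-bypass-string url=/api/search param=filter client=203.0.113.11
attack=sql-tautology-conditions-json-bypass-string url=/api/search param=filter client=203.0.113.12
attack=sql-tautology-conditions-json-bypass-string url=/login param=user client=198.51.100.7
attack=sql-tautology-conditions-json-bypass-string url=/login param=user client=198.51.100.7
attack=cross-site-scripting url=/comment param=body client=198.51.100.9
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_events(text):
    """Return only the events raised by the JSON-bypass pattern."""
    events = []
    for line in text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields.get("attack") == PATTERN:
            events.append(fields)
    return events


def triage(text, min_clients=3):
    """Group hits by (url, param). Many distinct clients on one location
    suggests normal application JSON tripping the signature (review as a
    false-positive candidate); one client repeating on a location looks
    like probing. Returns {(url, param): {hits, clients, verdict}}."""
    clients = defaultdict(set)
    hits = defaultdict(int)
    for ev in parse_events(text):
        key = (ev.get("url"), ev.get("param"))
        clients[key].add(ev.get("client"))
        hits[key] += 1
    result = {}
    for key, count in hits.items():
        verdict = "review-false-positive" if len(clients[key]) >= min_clients else "likely-probe"
        result[key] = {"hits": count, "clients": len(clients[key]), "verdict": verdict}
    return result


if __name__ == "__main__":
    for key, info in triage(SAMPLE_LOG).items():
        print(key, info)
```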
