- Bypassing ModSecurity WAF
Being able to bypass a Web Application Firewall (WAF) depends on your knowledge of its behavior. Here is a neat technique that involves expressions ignored by the MySQL SQL parser (MySQL <= 5.7). This post summarizes the impact on libinjection. The libinjection library is used by WAFs such as ModSecurity and Signal Sciences. For more details…
- WAF Journey – Fixing Telerik UI Remote Code Execution via Arbitrary File Upload
Introduction. It can happen that companies discover vulnerabilities in web application assets acquired from third-party vendors. What happens if the asset is no longer supported or licensed and cannot be promptly updated by the organization? A viable option is to use a Web Application Firewall (WAF) component with a custom-developed rule to block…