[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] WAF "Weakening": Has anyone else witnessed this or has this already been discussed?

From: Neil Matatall <nmatatal@xxxxxxx>
Subject: [WEB SECURITY] WAF "Weakening": Has anyone else witnessed this or has this already been discussed?
Date: Mon, 21 Sep 2009 10:25:41 -0700

I noticed some odd traffic in which single and double quotes were being added to common parameters, most of which were numeric. This activity covered many hosts and came from a few unique IP addresses. The paranoid side of me says that someone may be gearing up for an attack by trying to trick the operator into lessening the restrictions placed on URL/params during the profiling period.

Has anyone else experienced this either currently or in the past? If so, did any targeted attacks take place?

Is there a term for this?

Neil

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

Follow-Ups:
- RE: [WEB SECURITY] WAF "Weakening": Has anyone else witnessed this or has this already been discussed?
  - From: Schmidt, Chris
- RE: [WEB SECURITY] WAF "Weakening": Has anyone else witnessed this or has this already been discussed?
  - From: Sylvain Gil

Prev by Date: RE: [WEB SECURITY] Complex CaptCha Solutions
Next by Date: RE: [WEB SECURITY] Complex CaptCha Solutions
Previous by thread: [WEB SECURITY] Complex CaptCha Solutions
Next by thread: RE: [WEB SECURITY] WAF "Weakening": Has anyone else witnessed this or has this already been discussed?
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site