| ID | 1040000213 |
| Created | Jan 03, 2023 |
| Updated | Jan 06, 2023 |
| Severity |
|
| Default Action | pass |
| Active |
|
| Affected OS | All |
| Affected App | PostgreSQL, MySQL, SQLite, SQLServer |
| Engine Version | 5.0.0 or later |
Legend
| Enabled/Available |
|
| Disabled/Not Available |
|
Update History
| Date | Version | Detail |
|---|---|---|
| 2023-03-31 | 0.00345 | |
| 2023-01-31 | 0.00340 | |
| 2023-01-03 | 0.00338 |
Refine Search
Threat Encyclopedia
Abusing.JSON-Based.SQL.Bypass.WAF
Description
Using JSON syntax, it is possible to craft new SQLi payloads. These payloads, since they are not commonly known, could be used to fly under the radar and bypass many security tools.
Affected Products
PostgreSQL >= v9.2
MySQL >= v5.7.8
SQLite >= v3.38.0
SQLServer >= v2016
Impact
SQL injection: Remote attackers can exploit SQL injection vulnerability that they used to exfiltrate users’ sessions, SSH keys, password hashes, tokens, and verification codes.
Recommended Actions
Apply the most recent upgrade or patch from the vend or disable JSON in DB.