Imperva SecureSphere suffers from a SQL injection filter bypass vulnerability.
0ce953dc9c45e4d790e30f88731ed155f1e45b88d3f3fdfe8ff9f4073180313b
=======================================================================
Imperva SecureSphere - SQL injection filter bypass
=======================================================================
Affected Software : SecureSphere Web Application Firewall (WAF)
Severity : High
Local/Remote : Remote
Author : @drk1wi
[Summary]
Due to a typo in one of the rules of the sql injection engine the WAF
can be bypassed by appending a specially crafted string.
[Vulnerability Details]
the vector: 15 and '1'=(SELECT '1' FROM dual) and '0having'='0having'
won't be classified as malicious and will bypass the SQL Injection
filter.
'and '0having'='0having' is causing the bypass.
[Time-line]
8/07/2010 - Vendor notified
10/07/2010 - Vendor response
12/08/2010 - Vendor patch release
06/05/2011 - Public disclosure (I was cleaning up my comp.)
[Fix Information]
Apply ADC Content Update from 12 - August - 2010
Cheers,
@drk1wi