In the following demo video, Sandro Gauci of EnableSecurity shows how an attacker can switch off dotDefender in order to bypass any “protection” offered by the WAF. Such attack is possible By exploiting a cross-site scripting vulnerability in the log viewer facility of the dotDefender admin interface. Watch the video below for a more in depth explanation of the attack. From the below video one can also learn and understand the importance of having secure web applications, especially if they are to be accessed by trusted administrators. As we’ve seen, while the administrator is doing his job (checking out the log files) a vulnerability is exploited and without knowing, he opens the doors for hackers!
More info and video demo: http://www.acunetix.com
Volut-ID | World News Articles
All news of interest and can provide an info for you, and so can assist in the search for new news.
About news gadgets, mobile phones
info about the latest mobile phone, from news, features, and the most mobile phone models in search of the world.
No response to “Web application firewall bypass with a XSS attack”
Leave a reply