Novel JSON Function Use in SQL Injection
09 December 2022, 16:33 UTC
On the 9th of December 2022, Fastly began investigating a novel attack vector recently demonstrated in a blog post by security researchers at Claroty's Team82. It uses JSON functions within SQL injection (SQLi) payloads that may not currently be detected by our Next-Gen and Legacy WAF products. Since the publication of this new attack vector, our teams have been working to extend detections across Fastly WAF products. Our teams have released a new scoring rule for the Fastly Legacy 2020 WAF that customers may deploy at their convenience.
Our team plans to release initial updates for Next-Gen WAF Edge deployments, along with a new agent version, that address this novel form of SQL injection later today. Cloud WAF instances will be updated shortly thereafter.
Fastly will not be releasing new rules to address this issue for pre-2020 Legacy WAF. Pre-2020 Legacy WAF customers may contact securitysupport@fastly.com for assistance upgrading to 2020 or Next-Gen WAF options.
13 December 2022, 21:50 UTC
We've improved our agent's SQLI detection to address this attack vector.
To take advantage of this improved detection you will need to upgrade your agents to version 4.36.1. Our documentation on how to upgrade your agents can be found here: https://docs.fastly.com/signalsciences/upgrading/upgrading-an-agent/
If you are using a Cloud WAF or Edge Deployment, our team is currently upgrading these agents to take advantage of this improved SQLI detection.
If you have any questions, please reach out to securitysupport@fastly.com.
14 December 2022, 00:26 UTC
Fastly Next Generation WAF Edge deployments have now been updated to extend SQLI detections. No customer action is required to leverage these improvements.
15 December 2022, 19:56 UTC
Cloud WAF deployments have now been updated to extend SQLI detections.