wallarm / gotestwaf

An open-source project in Golang to assess different API Security tools and WAFs for detection logic and bypasses
https://lab.wallarm.com/test-your-waf-before-hackers/
MIT License
1.53k stars, 211 forks

Detect JSON bypass #178

Closed rholden3 closed 1 year ago

rholden3 commented 1 year ago

I was wondering if it would be possible to add support to test for the recently discovered JSON bypass.

https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf

svkirillov commented 1 year ago

Hi!

Thanks for your suggestion! We will add these test cases in one of the next releases.

svkirillov commented 1 year ago

After looking at the existing payloads, it seems that similar payloads are already present in the testcases, e.g. here.
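As an added example, not part of this issue and not gotestwaf's own code, the Go program below shows what the requested test case checks: a signature-only WAF that catches a textbook `' OR 1=1` string but lets through the same truth test expressed through a database's JSON operators, which is the bypass the Claroty research describes. The WAF here is a constructed in-process stand-in (`NaiveWAF`, a hand-written regex), the payloads are constructed strings modelled on that technique rather than the project's real test cases, and treating a 403 as "detected" and anything else as "bypass" is a simplifying assumption for the example.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"regexp"
	"sort"
)

// Constructed payloads for this example (not gotestwaf's test cases): one
// classic boolean-based SQL injection string plus JSON-function variants in
// the style of Claroty's "JS-ON: Security-OFF" research, where the always-true
// condition is expressed through a JSON operator instead of "1=1".
var Payloads = map[string]string{
	"classic":    "' OR 1=1 -- ",
	"postgresql": "' OR '{\"a\":1}'::jsonb @> '{\"a\":1}' -- ",
	"mysql":      "' OR JSON_EXTRACT('{\"a\":1}','$.a')=1 -- ",
	"sqlite":     "' OR json_extract('{\"a\":1}','$.a')=1 -- ",
	"mssql":      "' OR JSON_VALUE('{\"a\":1}','$.a')='1' -- ",
}

// naiveSQLi is a constructed signature set standing in for a WAF that only
// knows textbook SQLi patterns; none of the JSON variants contain them.
var naiveSQLi = regexp.MustCompile(`(?i)(\bor\s+1\s*=\s*1|union\s+select|sleep\()`)

// NaiveWAF answers 403 when the "id" query parameter matches a signature and
// 200 otherwise, mimicking a signature-only WAF in front of an application.
func NaiveWAF(w http.ResponseWriter, r *http.Request) {
	if naiveSQLi.MatchString(r.URL.Query().Get("id")) {
		http.Error(w, "blocked", http.StatusForbidden)
		return
	}
	fmt.Fprint(w, "ok")
}

// Blocked sends one payload in the "id" parameter to target and reports
// whether the response was a 403. Reading 403 as "detected" and anything
// else as "bypass" is a simplification used only in this example (assumption).
func Blocked(target, payload string) (bool, error) {
	u, err := url.Parse(target)
	if err != nil {
		return false, err
	}
	q := u.Query()
	q.Set("id", payload)
	u.RawQuery = q.Encode()

	resp, err := http.Get(u.String())
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	io.Copy(io.Discard, resp.Body)
	return resp.StatusCode == http.StatusForbidden, nil
}

// Bypasses returns, sorted by name, the payloads the WAF in front of target
// let through; an empty result means every variant was detected.
func Bypasses(target string) ([]string, error) {
	var passed []string
	for name, p := range Payloads {
		blocked, err := Blocked(target, p)
		if err != nil {
			return nil, err
		}
		if !blocked {
			passed = append(passed, name)
		}
	}
	sort.Strings(passed)
	return passed, nil
}

func main() {
	// Stand up the constructed WAF locally so the example runs offline.
	srv := httptest.NewServer(http.HandlerFunc(NaiveWAF))
	defer srv.Close()

	passed, err := Bypasses(srv.URL)
	if err != nil {
		panic(err)
	}
	for name, p := range Payloads {
		fmt.Printf("%-11s %q\n", name, p)
	}
	fmt.Println("bypassed the naive WAF:", passed)
}
```

Against the stand-in WAF only the classic string is blocked and the four JSON variants come back as bypasses, which is exactly the gap a dedicated test case is meant to surface. Pointing `Bypasses` at a real target instead of the httptest server turns it into a minimal check of whether a deployed WAF has these signatures; a WAF that blocks with a status other than 403 would need the `Blocked` check adjusted.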