The bypassing of Spring Boot-based Akamai web app firewalls (WAF) by a hacker could result in remote code execution (RCE).
The WAF from Akamai uses adaptive technologies to prevent known online security risks and was modified a few months ago in order to reduce the danger of Distributed Denial-of-Service (DDoS) attacks.
According to security researcher Peter M, the exploit employed Spring Expression Language (SpEL) injection, better known by the alias ‘pmnh’. Usman Mansha and the analyst Peter H. claimed that Akamai has subsequently corrected the vulnerability, which was not given a CVE number.
“This was the second RCE via SSTI we identified on this program, after the first one, the program added a WAF which we were able to overcome in a different portion of the application,” GitHub explanation of the Akamai WAF RCE read.
Access Point for WAF
The most straightforward approach to access the java.lang. Runtime class was through the SpEL reference $T(java.lang.Runtime), however, Akamai’s software prevented this.
Discovering a connection to a random class was the next step. Peter M., a technical writer,
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: