Don't be the IT hero who has to do everything yourself. It might feel good, but you're an operational bottleneck who doesn't give others a chance to learn.
The post You Can’t Do Everything Yourself appeared first on Packet Pushers.
Duh! Networks are becoming more software-centric.
The post Worth Reading: Docker Launches Vulnerability Scanner appeared first on 'net work.
From time to time a customer writes in and asks about certain requests that have been blocked by the CloudFlare WAF. Recently, a customer couldn’t understand why it appeared that some simple GET requests for their homepage were listed as blocked in WAF analytics.
A sample request looked like this:
GET / HTTP/1.1
Host: www.example.com
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (compatible; MSIE 11.0; Windows NT 6.1; Win64; x64; Trident/5.0)'+(select*from(select(sleep(20)))a)+'
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8,fr;q=0.6
As I said, a simple request for the homepage of the web site, which at first glance doesn’t look suspicious at all. Unless you take a look at the User-Agent header (its value is the string that identifies the browser being used):
Mozilla/5.0 (compatible; MSIE 11.0; Windows NT 6.1; Win64; x64; Trident/5.0)'+(select*from(select(sleep(20)))a)+
The start looks reasonable (it’s apparently Microsoft Internet Explorer 11) but the agent string ends with '+(select*from(select(sleep(20)))a)+. The attacker is attempting a SQL injection inside the User-Agent value.
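The check described above, as an added example (not CloudFlare's rule set and not code from the original post): it parses the sample request and applies SQL injection heuristics to every header value rather than only to the URI and form parameters. The signature names and patterns are assumptions chosen for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample: the request shown above, as raw HTTP/1.1 text.
RAW_REQUEST = "\r\n".join([
    "GET / HTTP/1.1",
    "Host: www.example.com",
    "Connection: keep-alive",
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
    "Upgrade-Insecure-Requests: 1",
    "User-Agent: Mozilla/5.0 (compatible; MSIE 11.0; Windows NT 6.1; Win64; x64; "
    "Trident/5.0)'+(select*from(select(sleep(20)))a)+'",
    "Accept-Encoding: gzip, deflate, sdch",
    "Accept-Language: en-US,en;q=0.8,fr;q=0.6",
    "", "",
])

# Illustrative heuristics (assumed for this example, not a real WAF rule set).
SIGNATURES = {
    "quote-breakout": re.compile(r"['\"]\s*(?:\+|\|\||;)\s*\(?\s*select\b", re.I),
    "select-from": re.compile(r"\bselect\b.{0,40}?\bfrom\b", re.I),
    "time-delay": re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I),
}

def parse_headers(raw):
    """Split a raw HTTP/1.1 request head into (name, value) pairs."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def scan_request(raw):
    """Return {header name: sorted signature names} for headers that match."""
    findings = {}
    for name, value in parse_headers(raw):
        forms = {value, unquote(value)}  # also test the percent-decoded form
        hits = sorted(sig for sig, rx in SIGNATURES.items()
                      if any(rx.search(form) for form in forms))
        if hits:
            findings[name] = hits
    return findings

if __name__ == "__main__":
    for header, hits in scan_request(RAW_REQUEST).items():
        print(f"BLOCK: {header} matched {', '.join(hits)}")
```

Only the User-Agent header is flagged; the Accept header passes even though it contains `+`, `;` and `*`, because no signature fires on those characters alone.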
It’s common to see SQL injection in URIs and form parameters, but here the attacker has hidden the SQL query select * from (select(sleep(20))) inside the User-Agent