Profense Web Application Firewall and Load Balancer multiple vulnerabilities
Joint Trustwave's SpiderLabs Security Advisory TWSL2009-001 and
EnableSecurity Advisory ES-20090500: Profense Web Application Firewall
and Load Balancer multiple vulnerabilities
Published: 2009-05-19 Version: 1.0
We noted that researchers from Trustwave and EnableSecurity were able to bypass the protection of
Profense Web Application Firewall.
The following words caught our attention:
Sample exploits that bypass the defense:
- "pattern matching in multi line mode matches any non-hostile line and marks the whole request as legitimate. by making use of a URL-encoded new line character" (Logic Flaw)
It's necessary to test web application firewalls with various payloads by transforming existing known attack vectors into various encoding formats and forms.
It's not enough to try payloads straightly from available XSS Cheatsheets: