BigIP ASM can't block Command Execution Attack

Question

My BigIP device is running on v16.0.1I setup an ASM Policy and mapping many Attack Signature Sets included Command Execution.I try to test with some of testcases. Such as:https://mydomain.com/product?test= ls /var/loghttps://mydomain.com/product?test= pwdhttps://mydomain.com/product?test= tail  /var/../../config.phpAll of testcases are allowed access without blocking.ASM Policy is blocking mode, All Attack Signature are Enforce (not stagging). I see just only Command Execution is not working, the other Signature Sets are running well.&nbsp;

simon_blakely · Accepted Answer

Those won't trigger the relevant signatures - you either need some sort of escape character (` ; etc) to break the string handling or use a full path (/bin/ls, /sbin/ls)https://mydomain.com/product?test=/bin/ls /var/log
https://mydomain.com/product?test=/sbin/pwd
https://mydomain.com/product?test=`tail /etc/passwd

Forum Discussion

BigIP ASM can't block Command Execution Attack

Recent Discussions

Management IP F5 cant be accessed

ASD

Big-IP VE edition for MacBook M4 Chip

301 redirect and waf policy log problem

Background Tasks

Related Content

The HTTP/2 CONTINUATION frame attack

ESRP Strategies: DNS Water Torture Attack

Power of tmsh commands using Ansible

Real Attack Stories: Bank Gets DDoS Attacked

Oracle WebLogic Deserialization Remote Code Execution

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS