Forum Discussion

Phu's avatar
Phu
Icon for Nimbostratus rankNimbostratus
Nov 28, 2020

BigIP ASM can't block Command Execution Attack

My BigIP device is running on v16.0.1 I setup an ASM Policy and mapping many Attack Signature Sets included Command Execution. I try to test with some of testcases. Such as: https://mydomain.com/...
ASM Advanced WAF
security
  • Simon_Blakely's avatar
    Simon_Blakely
    Nov 30, 2020

    Those won't trigger the relevant signatures - you either need some sort of escape character (` ; etc) to break the string handling or use a full path (/bin/ls, /sbin/ls)

    https://mydomain.com/product?test=/bin/ls /var/log
https://mydomain.com/product?test=/sbin/pwd
https://mydomain.com/product?test=`tail /etc/passwd

Simon_Blakely's avatar
Simon_Blakely
Icon for Employee rankEmployee

Those won't trigger the relevant signatures - you either need some sort of escape character (` ; etc) to break the string handling or use a full path (/bin/ls, /sbin/ls)

https://mydomain.com/product?test=/bin/ls /var/log
https://mydomain.com/product?test=/sbin/pwd
https://mydomain.com/product?test=`tail /etc/passwd

Phu's avatar
Phu
Icon for Nimbostratus rankNimbostratus
Nov 30, 2020

You are right.

Escape character ( ` ) make ASM recognize Command Execution Attack.

Thanks so much.