Phu
Nov 28, 2020
Solved

BigIP ASM can't block Command Execution Attack

My BigIP device is running v16.0.1. I set up an ASM policy and mapped many Attack Signature Sets to it, including Command Execution. I tried to test with some test cases, such as: https://mydomain.com/...
  • Simon_Blakely
    Nov 30, 2020

    Those won't trigger the relevant signatures - you either need some sort of escape character (` ; etc) to break the string handling or use a full path (/bin/ls, /sbin/ls)

    https://mydomain.com/product?test=/bin/ls /var/log
    https://mydomain.com/product?test=/sbin/pwd
    https://mydomain.com/product?test=`tail /etc/passwd
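
Added example (not part of the original thread, and not F5's signature logic): a simplified Python stand-in for the kind of matching the answer describes, run over the three URLs from the answer plus two constructed bare-command requests. The regular expressions and the function name `classify` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Simplified stand-ins for signature patterns (assumptions, NOT F5's signatures).
# A command given by full path under /bin, /sbin, /usr/bin or /usr/sbin.
FULL_PATH = re.compile(r"(?:^|[\s;|&`(])/(?:usr/)?s?bin/[a-z0-9_.-]+", re.I)
# Shell metacharacters that break out of string handling.
SHELL_META = re.compile(r"[`;|]|\$\(|&&")


def classify(url):
    """Return the sorted reasons a query parameter value looks like command execution."""
    reasons = set()
    # parse_qsl percent-decodes each value, so %60 is inspected as a backtick.
    for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if FULL_PATH.search(value):
            reasons.add("full-path")
        if SHELL_META.search(value):
            reasons.add("shell-meta")
    return sorted(reasons)


# The first three URLs are the ones given in the answer above.
# The last two are constructed here: bare command names with no path and
# no escape character, which is the case the answer says will not trigger.
SAMPLES = [
    "https://mydomain.com/product?test=/bin/ls /var/log",
    "https://mydomain.com/product?test=/sbin/pwd",
    "https://mydomain.com/product?test=`tail /etc/passwd",
    "https://mydomain.com/product?test=ls",        # constructed
    "https://mydomain.com/product?test=ls+-la",    # constructed
]

if __name__ == "__main__":
    for url in SAMPLES:
        hits = classify(url)
        verdict = "would match" if hits else "no match"
        print(f"{verdict:12} {hits!s:16} {url}")
```

When validating a policy, compare results like these with the violations ASM actually logs for the same requests, since the real signature set is far broader than these two patterns.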