Citrix Netscaler Web Application Firewall Bypass Vulnerability

I was able to bypass Netscaler WAF using a method which may be called HTTP Header Pollution. The setup I used was as follows: an Apache web server with default configuration on Windows (XAMPP); a SOAP web service written in PHP and vulnerable to SQL injection; and Netscaler WAF with SQL injection rules. The first request was a basic SQL injection payload, ' union select current_user,2#, and Netscaler blocked…