The WAF Deception: 70% of Firewalls Bypassed by HTTP Parameter Pollution and JS Injection
A recent automated study conducted by ETHIACK has revealed that modern web application security mechanisms—including widely adopted Web Application Firewalls (WAFs)—are vulnerable to a novel class of attacks that combine JavaScript injection with HTTP parameter pollution. Tests encompassing products from major cloud platforms and cybersecurity vendors demonstrated that over 70% of WAF configurations could be bypassed using carefully crafted requests.
The key to this attack lies in the discrepancies between how web applications and protective systems process duplicate parameters in HTTP requests. The vulnerability was first identified in an ASP.NET application protected by a strictly configured WAF. ASP.NET has the characteristic behavior of merging multiple parameters with the same name into a single value, separated by commas. This behavior becomes critical when such parameters are interpreted within a JavaScript context—even seemingly innocuous values can be transformed into executable code.
For instance, a request such as /?q=1'&q=alert(1)&q='2 results in the server generating the string 1',alert(1),'2 which, when embedded into a JavaScript line, becomes syntactically valid and leads to code execution. The culprit is the comma operator in JavaScript, which allows sequential execution of expressions. This opens a path for injecting malicious scripts while evading the signature-based filters of most WAFs.
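To make the merging behaviour concrete, here is an added Python model (not ETHIACK's code and not ASP.NET's implementation) that emulates the comma-join described above, shows the vulnerable string-literal embedding beside a JS-encoded one, and flags duplicate parameter names in a raw query string; the merge rule and the sample request are assumptions taken from the article's description.

```python
import json
from urllib.parse import parse_qsl

# Constructed sample request, modelled on the article's description of the bypass.
SAMPLE_QUERY = "q=1'&q=alert(1)&q='2"

def aspnet_merge(query: str) -> dict:
    """Model of ASP.NET's handling of duplicate names: values with the same
    name are joined into one comma-separated string (assumed from the article)."""
    merged = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        merged[name] = value if name not in merged else f"{merged[name]},{value}"
    return merged

def render_unsafe(q: str) -> str:
    """Vulnerable pattern: the merged value is dropped straight into a JS string
    literal, so a stray quote plus the comma operator turns data into code."""
    return f"var q = '{q}';"

def js_string_literal(value: str) -> str:
    """JSON-encode the value so it can only be a string literal, and escape the
    characters that could close an inline <script> block early."""
    encoded = json.dumps(value)
    return encoded.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")

def render_safe(q: str) -> str:
    """Hardened pattern: context-aware encoding on the application side, which
    is the fix the article calls for regardless of what the WAF does."""
    return f"var q = {js_string_literal(q)};"

def literal_roundtrips(value: str) -> bool:
    """Self-check: the safe rendering must parse back as exactly one string."""
    rendered = render_safe(value)
    return json.loads(rendered[len("var q = "):-1]) == value

def duplicate_params(query: str) -> dict:
    """Detection helper for request logs or a custom WAF rule: parameter names
    that appear more than once, with their counts."""
    counts = {}
    for name, _ in parse_qsl(query, keep_blank_values=True):
        counts[name] = counts.get(name, 0) + 1
    return {n: c for n, c in counts.items() if c > 1}

if __name__ == "__main__":
    merged = aspnet_merge(SAMPLE_QUERY)
    print("merged value :", merged["q"])
    print("unsafe render:", render_unsafe(merged["q"]))
    print("safe render  :", render_safe(merged["q"]))
    print("duplicates   :", duplicate_params(SAMPLE_QUERY))
```

The unsafe rendering reproduces the comma-operator expression from the article, while the safe rendering yields one string literal for the same input and for the backslash-prefixed payload mentioned later on the page.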
The technique, known as HTTP Parameter Pollution, is not new. However, its fusion with JavaScript injection significantly enhances its effectiveness. Researchers tested 17 different WAF configurations from AWS, Google Cloud, Microsoft Azure, Cloudflare, and others. Simple payloads bypassed about 17% of defenses, but when parameter pollution was applied, the success rate surged to 70%.
Only five configurations successfully withstood all test cases: a specific ruleset from Azure WAF, Google Cloud Armor, and three setups from open-appsec. Particularly vulnerable were three AWS WAF rulesets, each of which failed every test, allowing all malicious payloads to pass through unimpeded. The broader trend highlighted a clear advantage of machine learning–based systems over traditional signature-based ones: behavioral models proved far more adept at detecting subtly obfuscated attack patterns.
Nonetheless, even advanced solutions harbored weaknesses. The researchers’ autonomous “hackbot” discovered a misconfigured Azure WAF instance that could be circumvented using a rudimentary payload: test\';alert(1);// This underscores the reality that even cloud-native security solutions, often marketed as industry-leading, remain susceptible to elementary evasion techniques.
The researchers emphasize that a WAF cannot function as a standalone security perimeter in the presence of insecure application code. The existence of such vulnerabilities points to a fundamental disconnect between input processing logic in protective systems and web applications. Without architectural re-evaluation and robust input sanitization within the application itself, even the most expensive WAFs cannot guarantee effective protection against parsing-based attack vectors.