01-Defending Against Web Application 1.md

File metadata and controls

354 lines (180 loc) · 11.1 KB

Defending Against SQL Injection Attacks with Azure Web Application Firewall (WAF)

SQL injection is a technique that exploits web page inputs by injecting SQL commands into the statements the application builds from them. Malicious users can use such statements to read or manipulate the data behind the application's web server.

Azure Web Application Firewall (WAF) on Azure Front Door provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities. SQL injection and cross-site scripting are among the most common attacks.

Preventing such attacks in application code is challenging. It can require rigorous maintenance, patching, and monitoring at multiple layers of the application topology. A centralized web application firewall helps make security management much more straightforward. A WAF also gives application administrators better assurance of protection against threats and intrusions.

WAF on Front Door is a global and centralized solution. It's deployed on Azure network edge locations around the globe. WAF-enabled web applications inspect every incoming request delivered by Front Door at the network edge. All of the WAF features exist inside of a WAF policy. You can create multiple policies, and they can be associated with an Azure Front Door.

WAF prevents malicious attacks before they enter your server. You get global protection at scale without sacrificing performance. A WAF policy easily links to any Front Door profile in your subscription. New rules can be deployed within minutes, so you can respond quickly to changing threat patterns.

Solutions

Step 1: Navigate to the registration page where a user can create a new account.

Step 2: Fill in the details and click the "Register" button.

Step 3: Now log in using the new credentials.

Step 4: Click on the Users tab in the navigation bar.

Step 5: Search for a user as shown below:

Step 6: Search the newly created user name.

Well, it is working correctly.

Step 7: Type hello (or any random text) and check the results.

No results were found.

Step 8: Now enter the SQL injection payload shown below:

hello' or '1'='1

It lists all the user names. It is vulnerable to SQL injection.
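The behaviour observed in steps 7 and 8 comes from the search term being spliced into the SQL text. The following added example (not code from the lab or its backend; the users table and names are constructed for illustration) reproduces it against an in-memory SQLite table and shows the parameterized form beside it, where the same payload is bound as data and simply matches nothing:

```python
import sqlite3

# Constructed sample data standing in for the lab application's users table
# (these names are made up for this example).
SAMPLE_USERS = ["alice", "bob", "carol"]


def make_db():
    """Create an in-memory SQLite database holding the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [(u,) for u in SAMPLE_USERS])
    return conn


def search_author_vulnerable(conn, term):
    """Look up a user the unsafe way: the search term is spliced straight into the
    SQL text, so a quote in the input ends the literal and the rest is parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = '" + term + "' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def search_author_safe(conn, term):
    """Same lookup with a bound parameter: the driver sends the term as data, so
    quotes and keywords in it can never change the statement's structure."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (term,))]


if __name__ == "__main__":
    db = make_db()
    payload = "hello' or '1'='1"   # the payload used in step 8
    for term in ("alice", "hello", payload):
        print(f"{term!r:24} vulnerable -> {search_author_vulnerable(db, term)}"
              f"  safe -> {search_author_safe(db, term)}")
```

With the step 8 payload the vulnerable query becomes `SELECT name FROM users WHERE name = 'hello' or '1'='1' ...`, which is true for every row, so every user is listed; the parameterized query returns nothing. A WAF in front of the application, as configured in the rest of this walkthrough, adds a layer of defence, but the parameterized query is the fix that removes the vulnerability itself.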

Step 9: Refresh the page. Open the browser's inspect element (developer tools) and go to the Network tab.

Step 10: Enter the SQL injection payload once again.

Step 11: Select the search-author request.

Step 12: Click on the Headers tab.

Step 13: Note down the Request URL. The Request URL is the backend server URL.

Now search for the source file.

Step 14: We will look for JS files: click on the JS filter as shown in the image.

The file is shown below.

Step 15: Select the file and click on the Headers tab.

The main.adc6b28e.js file is served from our Storage Account.

Step 16: To view the content inside the main.adc6b28e.js file, click on Sources tab.

Step 17: Select the Storage Account folder and expand it.

Step 18: Open the main.adc6b28e.js file.

Step 19: Press CTRL+F to search for the noted-down Request URL.

Remove the /search-author part from the end of the URL before searching.

We found it.

Before the request reaches the backend URL, the payload needs to be sanitized. We will use the Web Application Firewall (WAF) for this. To use it, we need to create a Front Door URL and associate the Front Door with a WAF policy.

Instead of calling our backend server URL directly, the web application will call the Front Door URL; after the WAF has inspected and sanitized the payload, Front Door forwards the request to the backend server and we receive the result.

Now we will create the Front Door URL and assign the backend server URL to it.

Step 20: Go to the resource group and click on + Create.

Step 21: Search for Front Door and CDN profiles.

Click on Create.

Step 22: Choose Explore other offerings, then choose Azure Front Door (Classic) and click on the Continue button.

Step 23: Fill in the following details and click on the Next: Configuration button.

Step 24: Click on the Add button to create a host name.

As shown in the image, a blade opens on the right of the screen.

Give a hostname and click on the Add button.

Host Name: inefront.

Step 25: Now click on Backend pools.

Step 26: Fill the following:

Name: inebackend

Click on Add a backend.

You will see the following:

Fill in the following:

Backend host type: App service

Backend hostname: SELECT THE BACKEND URL

Backend host header: SELECT THE BACKEND URL

Click on the Add button.

Again click on the Add button.

Step 27: Click on Add button.

Fill in the following:

Name: inerouting

Use /* for the path pattern.

And click on the Add button.

Step 28: Once everything is done, click on the Review + Create button.

Step 29: Click on the Create button.

Step 30: You will see the following page on successful deployment. Click on Microsoft Azure to go back and create a WAF resource.

Step 31: Click on Create a Resource.

Step 32: Search for Web Application Firewall (WAF).

Step 33: Click on Create.

Step 34: Fill the following:

Policy for: Global WAF (Front Door)

Front door tier: Classic

Policy name: azuregoatwaf

Prevention mode: Prevention.

Step 35: Click on Custom rules.

Click on + Add custom rule. Once a rule matches, the action defined in that rule is applied to the request, and rules with lower priority are not processed further. A smaller integer value for a rule denotes a higher priority.

Custom rule name: blocksql

Priority: 1

Conditions:

Match type: String

Match variable: RequestBody

Operation: is

Operator: contains

Match values: ' and '1'

Finally, click on the Add button.
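The custom-rule semantics described in step 35 (priority order, first match wins, the "is"/"is not" operation and the "contains" operator) are easy to reason about with a small model. The following added example is the editor's own Python model, not Azure's implementation and not code from the lab; it encodes the blocksql rule exactly as configured above, plus a hypothetical second rule (not on the page) for the "or" form of the payload, and runs constructed request bodies through them:

```python
from dataclasses import dataclass


@dataclass
class MatchCondition:
    variable: str          # portal "Match variable", e.g. "RequestBody"
    values: list           # portal "Match values"; only the "contains" operator is modelled
    negate: bool = False   # portal "Operation": False = "is", True = "is not"


@dataclass
class CustomRule:
    name: str
    priority: int          # smaller integer = evaluated earlier (higher priority)
    action: str            # "Block" or "Allow"
    conditions: list       # every condition must hold for the rule to match


def condition_matches(cond, request):
    subject = request.get(cond.variable, "")
    hit = any(v in subject for v in cond.values)   # "contains": any listed value is a substring
    return hit != cond.negate


def evaluate(rules, request):
    """Return (rule name, action) of the first matching rule in priority order, or None
    when no custom rule matches and the request continues on to the managed rule set."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if all(condition_matches(c, request) for c in rule.conditions):
            return rule.name, rule.action
    return None


# The rule exactly as configured in step 35.
BLOCKSQL = CustomRule("blocksql", 1, "Block",
                      [MatchCondition("RequestBody", ["' and '1'"])])

# Hypothetical second rule (not on the page) covering the "or" form used in step 8.
BLOCKSQL_OR = CustomRule("blocksql-or", 2, "Block",
                         [MatchCondition("RequestBody", ["' or '1'"])])

RULES = [BLOCKSQL_OR, BLOCKSQL]   # deliberately out of order; evaluate() sorts by priority

# Constructed request bodies modelled on the searches in steps 7 and 8.
SAMPLE_REQUESTS = {
    "normal search": {"RequestBody": "author=hello"},
    "and payload":   {"RequestBody": "author=hello' and '1'='1"},
    "or payload":    {"RequestBody": "author=hello' or '1'='1"},
}

if __name__ == "__main__":
    for label, req in SAMPLE_REQUESTS.items():
        print(f"{label:14} -> {evaluate(RULES, req)}")
```

Two things the model makes visible. First, a literal "contains" rule is only as wide as its string: with blocksql alone, the `' and '1'` body is blocked but the step 8 payload (`' or '1'='1`) falls through to the managed rules, so custom string rules are best treated as narrow supplements to the Microsoft managed Default Rule Set that a portal-created Front Door WAF policy carries unless it is removed on the Managed rules tab. Second, the real WAF also applies transforms such as lowercasing and URL decoding before matching, which this model omits. Finally, swapping the URL in main.adc6b28e.js (steps 43 to 45) only changes what the browser calls; the backend hostname noted in step 13 still answers direct requests, so in a real deployment restrict the App Service to traffic arriving from Front Door (for example with access restrictions on the Front Door service tag and the X-Azure-FDID header) so that the WAF cannot simply be bypassed.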

Step 36: Click on Association.

Click on + Add frontend host.

Fill in the following:

Frontdoor: inefront

Frontend host: inefront-azurefd-net

Click on the Add button.

Step 37: Click on Review + Create.

Step 38: Click on the Create button.

Step 39: Once the deployment has finished, click on the resource group as shown below:

Step 40: Open inefront resource.

Copy the frontend host URL.

Step 41: We already know where the main.adc6b28e.js file is (refer to steps 15 and 18). Open the storage account and click on the highlighted container, as shown in the image.

Now open main.adc6b28e.js using the following path, as shown in the image.

Step 42: We cannot read the file in the portal, so click the Download button to download it.

Please wait until it has downloaded.

Step 43: Open the .js file in a text editor and remove the backend server URL.

Step 44: Now add the Front Door URL in its place, as shown in the image.

Step 45: Save the .js file, click on the Upload button, click the browse button, and upload the saved .js file.

Click on the Overwrite and Upload buttons.

Step 46: Open the web application and navigate to Users as shown in the image.

Note: Log in again using a private window so that there are no cookie issues.

Step 47: Check whether it is working correctly. Input a name as shown in the image.

It is working fine.

Step 48: Now input the SQL injection payload.

You can see that the SQL injection no longer works on the web application; we have successfully prevented it.