Syed Mushfik Hasan Tahsin, a Bangladesh-based cybersecurity enthusiast, has shared details of how they bypassed an F5 Networks BIG-IP Local Traffic Manager web application firewall using a technique known as “hex overflow”.
In the process of analysing why a particular payload wasn’t working, they found that the equal sign was being blocked by the firewall.
This led them to experiment with alternative representations of the equal sign and, in turn, to discover that the firewall’s URL decoder was vulnerable to “hex overflow” errors.
Using this approach, they were able to generate different characters in the payload that were then processed as code by the firewall, thus allowing them to get past the firewall and execute their desired actions.
The vulnerability has now been patched by F5 Networks.