Test the WAF Policy by Replicating the SQL Injection Attack

Now that the WAF policy is applied, retry the SQL injection attack to see if the attempt is blocked.

  1. In your Jump Server RDP session, click Applications and then Terminal.
../../../_images/terminal_click2.png ../../../_images/terminal_new2.png
  1. In the terminal window that opens, enter the command below.
curl -d POST -kLH "host: diy.arcadia-finance.io" "https://nginx-plus-2.appworld.lab/trading/auth.php" -H 'Sec-Fetch-User: ?1' --data-raw 'username='+or+1=1'--&password=' |& sed 's/>/>\n/gI'
  1. As shown below, a support ID is generated when the response is returned. Select and copy this value so that you can search for it in SM.
  1. Return to NIM and navigate to Security Monitoring by clicking the drop-down in the top left of the screen and selecting Security Monitoring.
  1. You’ll be presented with the Security Monitoring landing page, as shown below. Please spend a minute or so looking around at the Security Dashboard details while the system processes the attack.
  1. On the left menu, select Support ID Details.
  1. You’ll be prompted for your support ID.
  1. Enter your support ID into the search field and click the arrow to search. If you initially receive an error, wait a few moments and click Try Again.
  1. Once the security event has loaded, click the Show More button to reveal the complete request. You can see details surrounding the violation that is blocking images on your app.
../../../_images/SM_support_id_show_more.png ../../../_images/SM_support_id_details1.png

NGINX App Protect WAF is now enforcing protection for the site.