EIP-2026-118671

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118671. PoCs published by Trustwave's SpiderLabs.

AI-analyzed exploit summary This advisory details an HTTP Parameter Pollution (HPP) technique to bypass IBM Web Application Firewall by splitting malicious SQL injection payloads across multiple parameters. The technique leverages IIS/ASP.NET parameter concatenation behavior to evade detection while maintaining functional SQL syntax.

Description

IBM Web Application Firewall - Bypass

Exploits (1)

exploitdb WRITEUP VERIFIED

by Trustwave's SpiderLabs · textremotewindows

https://www.exploit-db.com/exploits/17438

View Code ZIP pw:eip

This advisory details an HTTP Parameter Pollution (HPP) technique to bypass IBM Web Application Firewall by splitting malicious SQL injection payloads across multiple parameters. The technique leverages IIS/ASP.NET parameter concatenation behavior to evade detection while maintaining functional SQL syntax.

Classification

Writeup 100%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: IBM Web Application Firewall (versions in SiteProtector 7.0 and later, including GX4004 and G400 IPS devices with Intrusion Prevention Update version 31.030)

No auth needed

Prerequisites: Target application running on IIS with ASP.NET or ASP · Backend database vulnerable to SQL injection (e.g., Microsoft SQL Server 2000) · IBM Web Application Firewall configured to block SQL injection attempts

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

IBM Web Application Firewall - Bypass

Exploitation Summary

Description

Exploits (1)

Details