A new blog post by Dmitry Evteev shows how an obscure MySQL syntax can be used to bypass ModSecurity signatures. The interesting thing is that the new technique actually takes advantage of a ModSecurity anti-evasion measure. ModSecurity rule set ignore MySQL comments in order to detect attacks that is split using a comment:

or /* comment */ 1=1

However, the obscure syntax actually allow placing MySQL code inside a comment by preceding it with an exlemation mark:

/*! or 1=1 */

On the one hand one might say that this proves that there is no way to win the signatures vs. attacks arm race. On the other hand, this one was always there in the MySQL book so it seem that a somewhat more strenuous effort would enable. I can say this without hurting anyone's feeling since I originally designed the ModSecurity core rule set which this technique bypasses.