SQL injection

Unanswered Question
Jun 3rd, 2008

Hi, in the Cisco IPS there are only 2 signatures that detect SQL in HTTP requests, checking a certain select ... from statement, but there are a lot more SQL injection techniques using the drop or the insert, checking also the (') ... Why are there not many more signatures about SQL injection? What is the best way to do them manually?

Thank you

mhellman Tue, 06/03/2008 - 08:08

The Cisco sigs are just too generic and trigger on regular HTML all the time. You might think about creating rules that look for the typical tests that an attacker (or pen tester) would use to find SQL injection vulns, i.e. the precursor to the actual SELECT, INSERT, DROP, WHATEVER.
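
One way to express the precursor-style rules suggested in the reply above, as an added example that is not part of the original thread and is not Cisco IPS signature syntax. The three patterns, the log layout and the sample lines are constructed assumptions; the rules run on decoded parameter values rather than on the whole request, which is what keeps ordinary text containing "select ... from" from matching.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed precursor patterns (illustrative only, not Cisco signatures).
# Each is applied to a single decoded parameter value.
PROBES = {
    # value that ends in a bare quote, e.g. id=42'
    "trailing-quote": re.compile(r"^[\w\s.-]*'+\s*$"),
    # OR/AND followed by a self-comparison, e.g. or 1=1, or 'a'='a
    "boolean-tautology": re.compile(
        r"\b(?:or|and)\b\s+'?(\w+)'?\s*=\s*'?\1\b", re.I),
    # quote immediately followed by an SQL comment opener
    "comment-terminator": re.compile(r"'\s*(?:--|#|/\*)"),
}

def probe_hits(url):
    """Return sorted (parameter, rule) pairs for one request URL."""
    hits = set()
    # parse_qsl percent-decodes values and turns '+' into a space
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for rule, rx in PROBES.items():
            if rx.search(value):
                hits.add((name, rule))
    return sorted(hits)

def scan(lines):
    """Map each client to the probe hits seen across its requests."""
    report = {}
    for line in lines:
        client, _method, url = line.split(maxsplit=2)
        for hit in probe_hits(url):
            report.setdefault(client, []).append(hit)
    return report

# Constructed sample lines in an assumed "client method url" layout.
SAMPLE_LOG = [
    "10.0.0.5 GET /item?id=42%27",
    "10.0.0.5 GET /item?id=42+or+1%3D1",
    "10.0.0.5 GET /login?user=admin%27--&pw=x",
    "10.0.0.9 GET /search?q=select+a+gift+from+our+store",
    "10.0.0.9 GET /profile?name=O%27Brien",
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG).items():
        print(client, hits)
```

A value that legitimately ends in a quote will still match the first rule, so the per-client grouping from `scan` is more useful for alerting than any single hit.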


