sql injection update signature

Sep 17th, 2008


We are currently comparing Cisco IPS to TippingPoint. I have a Cisco IPS in front and TippingPoint in the back, so we are checking whether Cisco IPS is missing a lot of stuff. Currently it is missing SQL injection attacks and cross scripting, which seems to be the weak point in Cisco IPS; it's missing a lot of SQL injection signatures. I mean, why does a simple update/set command not have a signature?

mhellman Wed, 09/17/2008 - 06:45

Cisco just recently added some "generic SQL injection" signatures. Are you on the latest signature release? 5930-0 thru 5930-6 are the new ones. There is no update/set one though AFAICT. 5474-0 and 5474-1 are the only other signatures I'm aware of.

josephium Thu, 09/18/2008 - 01:35

Thank you for your reply. Do you know how to get in contact with the IPS signature engineers at Cisco? I would like to share my comparison with them, as well as an attack that is passing all SQL injection signatures containing update but with u%pdate, and the SQL database is interpreting it as a normal update.
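
The u%pdate case from the last post, as an added example that is not part of the thread and is not Cisco or TippingPoint code: a sensor-side check that normalizes a request parameter before keyword matching. It assumes the application stack silently drops a '%' that does not begin a valid %XX escape (the thread does not say which layer does this); `normalize`, `inspect`, the pattern and the sample values are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# A '%' that does not start a valid %XX escape.
STRAY_PERCENT = re.compile(r"%(?![0-9A-Fa-f]{2})")
# Illustrative keyword pattern only; not a Cisco or TippingPoint signature.
UPDATE_SET = re.compile(r"\bupdate\b.{1,100}?\bset\b", re.I | re.S)


def normalize(raw: str) -> str:
    """Decode a parameter the way the assumed lenient backend would.

    Assumption: the backend drops a stray '%' and decodes valid %XX
    escapes, so the sensor must do the same before matching.
    """
    return unquote_plus(STRAY_PERCENT.sub("", raw))


def inspect(raw: str) -> dict:
    """Match before and after normalization and flag the difference."""
    strict = bool(UPDATE_SET.search(unquote_plus(raw)))
    lenient = bool(UPDATE_SET.search(normalize(raw)))
    return {
        "normalized": normalize(raw),
        "alert": strict or lenient,
        # Matching only after stray '%' removal means the request was
        # shaped to slip past a matcher that decodes strictly.
        "evasion_suspected": lenient and not strict,
    }


# Constructed sample parameter values, not captured traffic.
SAMPLES = [
    "1;+update+t+set+c=1",
    "1;+u%pdate+t+set+c=1",
    "1;+%75pdate+t+set+c=1",
    "100%+cotton",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", inspect(s))
```

The `evasion_suspected` flag separates a plain keyword hit from a request that only matches once stray percent signs are removed, which is worth a higher-severity alert.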

