Cisco Support Community

New Member

sql injection update signature


We are currently comparing Cisco IPS to TippingPoint. I have a Cisco IPS in front and TippingPoint in the back, so we are checking if Cisco IPS is missing on a lot of stuff, and currently it is missing on SQL injection attacks and cross scripting, which seems to be the weak point in Cisco IPS. It's missing a lot on SQL injection signatures. I mean, why does a simple update/set command not have a signature?


Re: sql injection update signature

Cisco just recently added some "generic SQL injection" signatures. Are you on the latest signature release? 5930-0 thru 5930-6 are the new ones. There is no update/set one though AFAICT. 5474-0 and 5474-1 are the only other signatures I'm aware of.

New Member

Re: sql injection update signature

Thank you for your reply. Do you know how to get in contact with the IPS signature engineers at Cisco? I would like to share my comparison with them, as well as an attack that is passing all SQL injection signatures containing update but with u%pdate, and the SQL database is interpreting it as a normal update.
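
The u%pdate case from the post above, as an added example (not part of the original thread and not a Cisco or TippingPoint signature): an update/set pattern checked before and after the request is normalized the way the backend is assumed to decode it. The assumption is that the web tier silently drops a `%` that is not followed by two hex digits; the regex, function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Hypothetical pattern: UPDATE <table> SET, case-insensitive (constructed).
UPDATE_SET = re.compile(r"\bupdate\b\s+[\w.\[\]]+\s+set\b", re.IGNORECASE)

# A '%' that does not begin a valid %XX escape.
STRAY_PERCENT = re.compile(r"%(?![0-9a-fA-F]{2})")


def normalize(raw_query: str) -> str:
    """Mirror the assumed backend: drop stray '%', then URL-decode."""
    return unquote_plus(STRAY_PERCENT.sub("", raw_query))


def naive_match(raw_query: str) -> bool:
    """Match after plain URL-decoding only; invalid escapes stay in place."""
    return bool(UPDATE_SET.search(unquote_plus(raw_query)))


def normalized_match(raw_query: str) -> bool:
    """Match against the string the backend is assumed to end up with."""
    return bool(UPDATE_SET.search(normalize(raw_query)))


def classify(raw_query: str) -> str:
    """'evasion' means the pattern only appears after normalization."""
    naive, norm = naive_match(raw_query), normalized_match(raw_query)
    if norm and not naive:
        return "evasion"
    return "match" if norm else "clean"


# Constructed sample query strings.
SAMPLES = [
    "id=1;update+users+set+role=1",
    "id=1;u%pdate+users+set+role=1",
    "id=1;%55PDATE%20users%20SET%20role=1",
    "q=software+update+settings",
]

if __name__ == "__main__":
    for query in SAMPLES:
        print(f"{classify(query):8} {query}")
```

A request that lands in the `evasion` bucket is worth alerting on by itself, since a stray `%` inside a SQL keyword has no ordinary reason to appear in a query string.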

Cisco Employee

Re: sql injection update signature

Send us an email to one of the signature developers will pick it up.
