Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SQL injection

Hi, in the cisco IPS there is only 2 signatures that detect SQL in http request, checking a certain select ... from statement, but there are a lot more SQL injection technigues using the Drop or the insert, checking also the (') ... why is there not much more signatures about SQL injection ? what is the best way to do them manually ?

Thank you

1 REPLY
Gold

Re: SQL injection

The Cisco sigs are just too generic and trigger on regular HTML all the time. You might think about creating rules that look for the typical tests that an attacker (or pen tester) would use to find SQL injection vulns. i.e. the precursor to the actual SELECT,INSERT,DROP,WHATEVER.

http://ha.ckers.org/sqlinjection/

170
Views
0
Helpful
1
Replies