topic Re: Vuln Sigs for SQL Injection in General Topics https://live.paloaltonetworks.com/t5/general-topics/vuln-sigs-for-sql-injection/m-p/3329#M2484 <HTML><HEAD></HEAD><BODY><P class="MsoPlainText">We were looking couple of patterns:</P><P class="MsoPlainText"></P><P class="MsoPlainText">1) some SQL sentences/keywords which were used for SQL Injection attempt.</P><P class="MsoPlainText"><SPAN>&nbsp;&nbsp; </SPAN>like "union select", "select char" something.</P><P class="MsoPlainText"></P><P class="MsoPlainText">2) Some SQL functions which were used for SQL injection evasion.</P><P class="MsoPlainText"></P><P class="MsoPlainText">3) Some SQL "or" conditions which were used for SQL injection probe, like "or 1=1".</P><P class="MsoPlainText"></P><P></P><P class="MsoPlainText">If customer found those alerts, it might be a probe or from a scanner. It does not means customer's</P><P class="MsoPlainText">server is vulnerable.</P></BODY></HTML> Mon, 04 Oct 2010 20:56:54 GMT odaos 2010-10-04T20:56:54Z Vuln Sigs for SQL Injection https://live.paloaltonetworks.com/t5/general-topics/vuln-sigs-for-sql-injection/m-p/3328#M2483 <HTML><HEAD></HEAD><BODY><P>There are several sigs described as &amp;quot;HTTP SQL Injection&amp;quot; (30514, 33338, 33340, 33305, and maybe others) that are server-side mediums with a default alert. What are these signatures looking for? Atypical SQL statements that indicate an attempt to get more from a database than one might normally need? More info in the description would be helpful.</P></BODY></HTML> Mon, 04 Oct 2010 14:20:24 GMT https://live.paloaltonetworks.com/t5/general-topics/vuln-sigs-for-sql-injection/m-p/3328#M2483 gmoerschel 2010-10-04T14:20:24Z Re: Vuln Sigs for SQL Injection https://live.paloaltonetworks.com/t5/general-topics/vuln-sigs-for-sql-injection/m-p/3329#M2484 <HTML><HEAD></HEAD><BODY><P class="MsoPlainText">We were looking couple of patterns:</P><P class="MsoPlainText"></P><P class="MsoPlainText">1) some SQL sentences/keywords which were used for SQL Injection attempt.</P><P class="MsoPlainText"><SPAN>&nbsp;&nbsp; </SPAN>like "union select", "select char" something.</P><P class="MsoPlainText"></P><P class="MsoPlainText">2) Some SQL functions which were used for SQL injection evasion.</P><P class="MsoPlainText"></P><P class="MsoPlainText">3) Some SQL "or" conditions which were used for SQL injection probe, like "or 1=1".</P><P class="MsoPlainText"></P><P></P><P class="MsoPlainText">If customer found those alerts, it might be a probe or from a scanner. It does not means customer's</P><P class="MsoPlainText">server is vulnerable.</P></BODY></HTML> Mon, 04 Oct 2010 20:56:54 GMT https://live.paloaltonetworks.com/t5/general-topics/vuln-sigs-for-sql-injection/m-p/3329#M2484 odaos 2010-10-04T20:56:54Z