08-09-2012 06:42 AM
Hi, recently a famous SQL Injection has started up once more.
Will there be a vulnerability signature update which includes this new version of the Lilupophilupop SQL Injection code?
More information can be found at ISC Diary | SQL Injection Lilupophilupop style, Part 2
-Dan
09-05-2012 02:41 PM
This link is only for submitting new application requests. For threat coverage, check out the threat vault or open a case with support for a new threat.
08-20-2012 03:23 PM
You can request app enhancement from the Apps and Threats Research Center.
http://www.paloaltonetworks.com/researchcenter/tools/
From there you can click on Submit an app and provide details there.
I think the above can also be used to suggest new/updated threatid's (in case the threat team somehow missed it).
09-05-2012 02:41 PM
This link is only for submitting new application requests. For threat coverage, check out the threat vault or open a case with support for a new threat.
09-05-2012 02:58 PM
We normally don't write signatures for specific URLs that end up getting inserted via SQL injection attacks, unless they are exceptionally pervasive. These are everywhere and it is impossible to cover them all. Instead we have generic SQL injection signatures that can detect many common SQL injection attempts, and customers can also write custom vulnerability signatures for specific SQL injection attacks that you may be concerned about.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
